Back to search
CVE-2006-2490
Published: May 19, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20060822 Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug
mailing-list
x_refsource_BUGTRAQ
18022
vdb-entry
x_refsource_BID
20151
third-party-advisory
x_refsource_SECUNIA
20060517 Mobotix IP Network Cameras Multiple XSS
mailing-list
x_refsource_BUGTRAQ
25621
vdb-entry
x_refsource_OSVDB
http://www.eazel.es/media/advisory001.html
x_refsource_MISC
1016128
vdb-entry
x_refsource_SECTRACK
25622
vdb-entry
x_refsource_OSVDB
929
third-party-advisory
x_refsource_SREASON
ADV-2006-1857
vdb-entry
x_refsource_VUPEN
20060821 CVE-2006-2490 (Mobotix) vendor ACK
mailing-list
x_refsource_VIM
mobotix-multiple-xss(26538)
vdb-entry
x_refsource_XF
25623
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now