CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-8255 – AXIS (Multiple Products) - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-8255
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. Productos de AXIS Communications permiten CSRF, como lo demuestran admin/pwdgrp.cgi, vaconfig.cgi y admin/local_del.cgi. AXIS Communications suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/41626 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 1CVE-2015-8258 – AXIS Communications - Cross-Site Scripting / Content Injection
https://notcve.org/view.php?id=CVE-2015-8258
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." Productos de AXIS Communications con firmware hasta la versión 5.80.x permiten a atacantes remotos modificar archivos arbitrarios como a través de vectores que involucran a Open Script Editor, también conocida como "vulnerabilidad de inyección de recursos". AXIS Communications with firmware versions prior to 5.80.x suffer from cross site scripting and content inclusion vulnerabilities. • https://www.exploit-db.com/exploits/41625 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •