CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-15885
https://notcve.org/view.php?id=CVE-2017-15885
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214. XSS reflejado en el portal de administración web en la versión 2.03 de la cámara de red Axis 2100 permite que un atacante ejecute código JavaScript arbitrario mediante el parámetro conf_Layout_OwnTitle en view/view.shtml. NOTA: esta vulnerabilidad puede solaparse con CVE-2007-5214 • https://distributedcompute.com/2017/10/24/axis-2100-network-camera-2-03-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12413 – Axis 2100 Network Camera 2.43 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-12413
AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml. Los dispositivos AXIS 2100 en su versión 2.43 tienen una vulnerabilidad de tipo Cross-Site Scripting (XSS) a través de la URI, probablemente relacionada con admin/admin.shtml. Axis 2100 Network Camera version 2.43 suffers from a cross site scripting vulnerability. • https://packetstormsecurity.com/files/143657/Axis-2100-Network-Camera-2.43-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 2CVE-2015-8256 – Axis Network Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-8256
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. Múltiples vulnerabilidad XSS en camaras Axis network. AXIS Network Cameras suffer from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/39683 http://packetstormsecurity.com/files/141674/AXIS-Network-Camera-Cross-Site-Scripting.html http://www.securityfocus.com/bid/97699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 1%CPEs: 11EXPL: 2CVE-2015-8257 – AXIS (Multiple Products) - 'devtools ' (Authenticated) Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-8257
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. El script devtools.sh en las cámaras de red AXIS permite a los usuarios autenticados remotos ejecutar comandos arbitrarios a través de los metacaracteres de la shell en el parámetro app (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml o (4) App_params.shtml. Multiple products from AXIS suffer from a remote command execution vulnerability. • https://www.exploit-db.com/exploits/40171 http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.html http://www.securityfocus.com/bid/92159 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2011-5261 – Axis M10 Series Network Cameras - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5261
Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en serverreport.cgi en Axis M10 Series Network Cameras M1054 firmware v5.21, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro pageTitle para admin/showReport.shtml. • https://www.exploit-db.com/exploits/36428 http://metzgersecurity.blogspot.com/2011/11/xss-vulnerability-axis-m10-series.html http://osvdb.org/77395 http://secunia.com/advisories/47037 http://www.securityfocus.com/bid/50968 https://exchange.xforce.ibmcloud.com/vulnerabilities/71687 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •