CVE-2025-0576 – Mobotix M15 player cross site scripting

https://notcve.org/view.php?id=CVE-2025-0576

19 Jan 2025 — A vulnerability was found in Mobotix M15 4.3.4.83 and classified as problematic. This issue affects some unknown processing of the file /control/player?center&eventlist&pda&dummy_for_reload=1736177631&p_evt. The manipulation of the argument p_qual leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.292541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •