CVE-2021-23848
Reflected XSS in URL handler
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user.
Un error en el controlador de URL de las cámaras Bosch IP puede conllevar a un ataque de tipo cross site scripting (XSS) reflejado en la interfaz basada en web. Un atacante con conocimiento de la dirección de la cámara puede enviar un enlace diseñado a un usuario, que ejecutará código javascript en el contexto del usuario
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-12 CVE Reserved
- 2021-06-09 CVE Published
- 2024-09-16 CVE Updated
- 2025-06-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html | 2021-06-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bosch Search vendor "Bosch" | Cpp4 Firmware Search vendor "Bosch" for product "Cpp4 Firmware" | - | - |
Affected
| in | Bosch Search vendor "Bosch" | Cpp4 Search vendor "Bosch" for product "Cpp4" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Cpp6 Firmware Search vendor "Bosch" for product "Cpp6 Firmware" | - | - |
Affected
| in | Bosch Search vendor "Bosch" | Cpp6 Search vendor "Bosch" for product "Cpp6" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Cpp7 Firmware Search vendor "Bosch" for product "Cpp7 Firmware" | - | - |
Affected
| in | Bosch Search vendor "Bosch" | Cpp7 Search vendor "Bosch" for product "Cpp7" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Cpp7.3 Firmware Search vendor "Bosch" for product "Cpp7.3 Firmware" | - | - |
Affected
| in | Bosch Search vendor "Bosch" | Cpp7.3 Search vendor "Bosch" for product "Cpp7.3" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Cpp13 Firmware Search vendor "Bosch" for product "Cpp13 Firmware" | - | - |
Affected
| in | Bosch Search vendor "Bosch" | Cpp13 Search vendor "Bosch" for product "Cpp13" | - | - |
Safe
|