Linksys Web Camera main.cgi cross-site scripting
| linksys-webcamera-main-xss (16415) |  Medium Risk |
Description:
Linksys Web Camera is vulnerable to cross-site scripting, caused by improper filtering of user-supplied input. A remote attacker could embed malicious script within a specially-crafted URL request to the main.cgi script, which would be executed in the victim's Web browser within the security context of the hosting site, once the URL is clicked. An attacker could use this vulnerability to steal a victim's cookie-based authentication credentials, obtain other sensitive information or launch further attacks against the affected system.
Consequences:
Obtain Information
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Sun Jun 13 2004 - 09:06:58 CDT: Linksys Web Camera Cross-site Scripting Vuln.
- Linksys Web Site: Linksys Web Camera WVC11B Web page.
- BID-10533: Linksys Web Camera Software Next_file Parameter Cross-Site Scripting Vulnerability
- CVE-2004-2508: Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
- SA11881: Linksys Internet Video Camera Products "next_file" Cross-Site Scripting Vulnerability
- SECTRACK ID: 1010424: Linksys Video Camera Discloses Host Files to Remote Users
Platforms Affected:
- Linksys WVC11B 2.10
Reported:
Jun 14, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net