EUVD-2025-35685

ID: EUVD-2025-35685

Severity: medium

CVSS v4: 4.8 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.

Timestamps

Normalized: 2025-12-31T11:32:33Z UTC
Last updated: 2025-12-31T11:31:20Z UTC

References

No references provided.

VulnAI

EUVD-2025-35685

Description

Timestamps

References