CVE-2021-23860
Summary
| CVE | CVE-2021-23860 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-08 22:15:00 UTC |
| Updated | 2021-12-14 16:36:00 UTC |
| Description | An error in a page handler of the VRM may lead to a reflected cross-site scripting (XSS) in the web-based interface. To exploit this vulnerability an attacker must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bosch | Bosch Video Management System | All | All | All | All |
| Application | Bosch | Bosch Video Management System | 10.1 | All | All | All |
| Application | Bosch | Bosch Video Management System | 11.0 | All | All | All |
| Application | Bosch | Bosch Video Management System | All | All | All | All |
| Operating System | Bosch | Divar Ip 5000 Firmware | - | All | All | All |
| Operating System | Bosch | Divar Ip 7000 Firmware | - | All | All | All |
| Application | Bosch | Video Recording Manager | All | All | All | All |
| Application | Bosch | Video Recording Manager | All | All | All | All |
| Application | Bosch | Video Recording Manager | All | All | All | All |
| Application | Bosch | Video Recording Manager | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple Vulnerabilities in Bosch BT software products \| Bosch PSIRT | CONFIRM | psirt.bosch.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.