漏洞描述
NUUO Network Video Recorder(NVR)是中国台湾NUUO公司的一款网络视频记录器。 NUUO Network VideoRecorder NVRsolo3.9.1版本存在跨站脚本漏洞,该漏洞源于软件针对用户提交的请求参数缺少有效的过滤和转义。攻击者可利用该漏洞可以通过注入恶意JavaScript代码来窃取用户的会话,从而导致会话劫持。
NUUO NVRsolo Video Recorder v03.06.02反射型XSS漏洞(CVE-2022-33119)
PoC代码
暂无相关漏洞推荐
- POC CVE-2010-0696: Joomla! Component Jw_allVideos - Arbitrary File Retrieval
- POC CVE-2014-9094: WordPress DZS-VideoGallery Plugin Cross-Site Scripting
- POC CVE-2016-1000134: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
- POC CVE-2016-1000135: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
- POC CVE-2016-1000148: WordPress S3 Video <=0.983 - Cross-Site Scripting
- POC CVE-2021-24970: WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion
- POC CVE-2021-39350: FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting
- POC CVE-2022-0826: WordPress WP Video Gallery <=1.7.1 - SQL Injection
- POC CVE-2022-1392: WordPress Videos sync PDF <=1.7.4 - Local File Inclusion
- POC CVE-2022-2633: All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery
- POC CVE-2022-32770: WWBN AVideo 11.6 - Cross-Site Scripting
- POC CVE-2022-32771: WWBN AVideo 11.6 - Cross-Site Scripting
- POC CVE-2022-32772: WWBN AVideo 11.6 - Cross-Site Scripting