CVE-2021-23854

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:bosch:cpp6_firmware:7.62:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:bosch:cpp7_firmware:7.62:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:bosch:cpp7.3_firmware:7.62:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:bosch:cpp13_firmware:7.75:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp13_firmware:7.76:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp13:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:51

Type Values Removed Values Added
CVSS v2 : 4.3
v3 : 6.1
v2 : 4.3
v3 : 8.3
References () https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html - Vendor Advisory () https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html - Vendor Advisory

17 Jun 2021, 16:47

Type Values Removed Values Added
CPE cpe:2.3:o:bosch:cpp6_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.62:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.62:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.62:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp13_firmware:7.76:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp13_firmware:7.75:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp13:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.70:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1
CWE CWE-79
References (CONFIRM) https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html - (CONFIRM) https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html - Vendor Advisory

09 Jun 2021, 15:18

Type Values Removed Values Added
New CVE

Information

Published : 2021-06-09 15:15

Updated : 2024-11-21 05:51


NVD link : CVE-2021-23854

Mitre link : CVE-2021-23854

CVE.ORG link : CVE-2021-23854


JSON object : View

Products Affected

bosch

  • cpp6
  • cpp6_firmware
  • cpp13_firmware
  • cpp7.3
  • cpp7
  • cpp7_firmware
  • cpp13
  • cpp7.3_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')