Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-29191
HistoryApr 04, 2024 - 3:15 p.m.

CVE-2024-29191

2024-04-0415:15:39
CWE-79
[email protected]
web.nvd.nist.gov
1
gotortc
camera streaming
cross-site scripting
dom-based
vulnerability
patch

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (links.html) appends the src GET parameter ([0]) in all of its links for 1-click previews. The context in which src is being appended is innerHTML ([1]), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue.

Related

cve 1
osv 1
cvelist 1
veracode 1
cve
cve
CVE-2024-29191
2024-04-04 15:15:39
osv
osv
CVE-2024-29191
2024-04-04 15:15:39
cvelist
cvelist
CVE-2024-29191 GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability
2024-04-04 14:52:30
veracode
veracode
Cross-Site Scripting (XSS)
2024-04-05 06:56:47

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for NVD:CVE-2024-29191
cve1osv1cvelist1veracode1