CVE-2006-2490 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mobotix	Mobotix Ip Network Camera

Configuration 1 [-]

OR	cpe:2.3:a:mobotix:mobotix_ip_network_camera:d10:::::::*
	cpe:2.3:a:mobotix:mobotix_ip_network_camera:m1_1.9.4.7:::::::*
	cpe:2.3:a:mobotix:mobotix_ip_network_camera:m10_2.0.5.2:::::::*
	cpe:2.3:a:mobotix:mobotix_ip_network_camera:m22:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/20151
http://securityreason.com/securityalert/929
http://securitytracker.com/id?1016128
http://www.attrition.org/pipermail/vim/2006-August/000980.html
http://www.eazel.es/media/advisory001.html
http://www.osvdb.org/25621
http://www.osvdb.org/25622
http://www.osvdb.org/25623
http://www.securityfocus.com/archive/1/434289/100/0/threaded
http://www.securityfocus.com/archive/1/444018/100/0/threaded
http://www.securityfocus.com/bid/18022
http://www.vupen.com/english/advisories/2006/1857
https://exchange.xforce.ibmcloud.com/vulnerabilities/26538

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-05-19T23:00:00

Updated: 2024-08-07T17:51:04.893Z

Reserved: 2006-05-19T00:00:00

Link: CVE-2006-2490

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-05-19T23:02:00.000

Modified: 2024-11-21T00:11:25.787

Link: CVE-2006-2490

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060822 Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/444018/100/0/threaded"}, {"name": "18022", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18022"}, {"name": "20151", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20151"}, {"name": "20060517 Mobotix IP Network Cameras Multiple XSS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/434289/100/0/threaded"}, {"name": "25621", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25621"}, {"tags": ["x_refsource_MISC"], "url": "http://www.eazel.es/media/advisory001.html"}, {"name": "1016128", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016128"}, {"name": "25622", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25622"}, {"name": "929", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/929"}, {"name": "ADV-2006-1857", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1857"}, {"name": "20060821 CVE-2006-2490 (Mobotix) vendor ACK", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2006-August/000980.html"}, {"name": "mobotix-multiple-xss(26538)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26538"}, {"name": "25623", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25623"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2490", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060822 Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444018/100/0/threaded"}, {"name": "18022", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18022"}, {"name": "20151", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20151"}, {"name": "20060517 Mobotix IP Network Cameras Multiple XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/434289/100/0/threaded"}, {"name": "25621", "refsource": "OSVDB", "url": "http://www.osvdb.org/25621"}, {"name": "http://www.eazel.es/media/advisory001.html", "refsource": "MISC", "url": "http://www.eazel.es/media/advisory001.html"}, {"name": "1016128", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016128"}, {"name": "25622", "refsource": "OSVDB", "url": "http://www.osvdb.org/25622"}, {"name": "929", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/929"}, {"name": "ADV-2006-1857", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1857"}, {"name": "20060821 CVE-2006-2490 (Mobotix) vendor ACK", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2006-August/000980.html"}, {"name": "mobotix-multiple-xss(26538)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26538"}, {"name": "25623", "refsource": "OSVDB", "url": "http://www.osvdb.org/25623"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:51:04.893Z"}, "title": "CVE Program Container", "references": [{"name": "20060822 Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/444018/100/0/threaded"}, {"name": "18022", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18022"}, {"name": "20151", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20151"}, {"name": "20060517 Mobotix IP Network Cameras Multiple XSS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/434289/100/0/threaded"}, {"name": "25621", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/25621"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.eazel.es/media/advisory001.html"}, {"name": "1016128", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016128"}, {"name": "25622", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/25622"}, {"name": "929", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/929"}, {"name": "ADV-2006-1857", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1857"}, {"name": "20060821 CVE-2006-2490 (Mobotix) vendor ACK", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2006-August/000980.html"}, {"name": "mobotix-multiple-xss(26538)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26538"}, {"name": "25623", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/25623"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2490", "datePublished": "2006-05-19T23:00:00", "dateReserved": "2006-05-19T00:00:00", "dateUpdated": "2024-08-07T17:51:04.893Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mobotix:mobotix_ip_network_camera:d10:*:*:*:*:*:*:*", "matchCriteriaId": "483AD916-B69E-40CD-A50F-FFC226A561D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mobotix:mobotix_ip_network_camera:m1_1.9.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "E1FC677F-6D6E-43D3-B079-19B342F9555F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mobotix:mobotix_ip_network_camera:m10_2.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "9AD689C6-70F6-4C14-B338-1BAD032058B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mobotix:mobotix_ip_network_camera:m22:*:*:*:*:*:*:*", "matchCriteriaId": "312F2F5C-0791-4540-BBBA-63695478F123", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar."}], "evaluatorSolution": "Vendor Provided Solution Statement:\r\n\r\nAccording the vendor, MOBOTIX \"has resolved this problem as of 2006-06-27.\r\nMOBOTIX AG provides new software versions that include a security patch that prevents cross site scripting flaws. Customers are encouraged to upgrade to at least software version\r\n- V2.2.3.18 (for camera models M10/D10) and\r\n- V3.0.3.31 (for camera model M22)\r\nor higher (if available). The software is available for download from our website http://www.mobotix.com/services/software_downloads\"\r\n", "id": "CVE-2006-2490", "lastModified": "2024-11-21T00:11:25.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-05-19T23:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20151"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/929"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1016128"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2006-August/000980.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.eazel.es/media/advisory001.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/25621"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/25622"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/25623"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434289/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444018/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18022"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/1857"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26538"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1016128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2006-August/000980.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.eazel.es/media/advisory001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/25621"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/25622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/25623"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434289/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444018/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/1857"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26538"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}