CNNVD-202512-5540 Information
CNNVD ID
CNNVD-202512-5540
Related CVE
- CNNVD Published: 2025-12-31
Description (Chinese)
STVS ProVision是美国STVS公司的一款先进视频管理系统。 STVS ProVision 5.9.10版本存在跨站脚本漏洞,该漏洞源于对files POST参数输入验证不足,可能导致经过身份验证的攻击者注入任意HTML代码。
Description (English)
STVS ProVision is an advanced video management system of the United States company STVS. Version 5.9.10 of STVS ProVision has a cross-site script loophole, which stems from the inadequate verification of input of Files POST parameters, which may lead to the injection of any HTML code by an identified assailant.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
STVS
Published
2025-12-31
Last Modified
2026-02-24
References
https://cxsecurity.com/issue/WLB-2021010188 https://exchange.xforce.ibmcloud.com/vulnerabilities/195723 https://packetstormsecurity.com/files/161158/STVS-ProVision-5.9.10-Cross-Site-Scripting.html https://stvs.com/ https://www.vulncheck.com/advisories/stvs-provision-authenticated-reflected-cross-site-scripting-via-files-parameter https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5624.php
Share on: