CVE-2013-3962 Information

Description

Cross-site scripting (XSS) vulnerability in Grandstream GXV3501 GXV3504 GXV3601 GXV3601HD/LL GXV3611HD/LL GXV3615W/P GXV3651FHD GXV3662HD GXV3615WP_HD GXV3500 and possibly other camera models before firmware 1.0.4.44 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Reference

http://seclists.org/fulldisclosure/2013/Jun/84 http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf