Title: Seyeon Technology FlexWATCH Server Cross-Site Scripting Vulnerability
Severity: MODERATE
Description:
FlexWATCH Network Video Server is used to deliver real-time video over a network. The server also allows users to use a web browser as a client.
A cross-site scripting vulnerability has been identified in the software. It has been reported that due to insufficient sanitization of user-supplied input, HTML and script code may be rendered in a user's browser. Although unconfirmed, this attack may result from an error page generated by the server. Reportedly, an attacker may send a large number of characters via a URI request followed by script code to carry out an attack.
Due to the nature of this vulnerability, it may be possible for a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the web server and may allow for theft of cookie-based authentication credentials or other attacks.
This issue has been reported to exist in FlexWATCH versions 2.2 and prior.
Affected Products:
- Seyeon FlexWATCH Network Video Server 2.2.0
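Detection logic for the request pattern described above (a long run of characters in the URI followed by script code), added here as an example; it is not part of the original advisory or any vendor code. The common log format, the 256-character threshold, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_URI_LEN = 256  # assumed threshold; tune to the longest legitimate URI
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]", re.I)  # start of an HTML tag
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')  # common log format

def decode_fully(uri, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still visible."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def classify(line):
    """Return the set of findings for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return {"unparsed"}
    uri = decode_fully(match.group("uri"))
    findings = set()
    if len(uri) > MAX_URI_LEN:
        findings.add("long_uri")
    if MARKUP_RE.search(uri):
        findings.add("markup_in_uri")
    return findings

def scan(lines):
    """Return (line_number, sorted findings) for every line with a finding."""
    hits = []
    for number, line in enumerate(lines, start=1):
        findings = classify(line)
        if findings:
            hits.append((number, sorted(findings)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
PREFIX = '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    PREFIX + '/index.html HTTP/1.0" 200 512',
    PREFIX + "/" + "A" * 300 + '%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0" 404 210',
    PREFIX + '/x%253Cb%253E HTTP/1.0" 404 210',
    PREFIX + "/" + "B" * 400 + ' HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, ", ".join(findings))
```

A line carrying both `long_uri` and `markup_in_uri` matches the reported pattern most closely; either finding alone is still worth reviewing on a device whose legitimate URIs are short.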