CVE-2021-47729

Summary

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted payload to execute arbitrary scripts in victim's browser session.

Affected Software

VendorProductVersion RangeStatus
selea s.r.l.Selea Targa IP OCR-ANPR CameraModel: iZeroaffected
selea s.r.l.Selea Targa IP OCR-ANPR CameraFirmware: BLD201113005214affected
selea s.r.l.Selea Targa IP OCR-ANPR CameraCPS: 4.013(201105)affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References