CVE-2022-33119 - OpenCVE

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Nuuo	Nvrsolo Firmware Nvrsolo

Configuration 1 [-]

AND

cpe:2.3:o:nuuo:nvrsolo_firmware:03.06.02:*:*:*:*:*:*:*

cpe:2.3:h:nuuo:nvrsolo:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/badboycxcc/nuuo-xss/blob/main/README.md	Exploit Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-06-21T13:00:39

Updated: 2022-06-21T13:00:39

Reserved: 2022-06-13T00:00:00

Link: CVE-2022-33119

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-21T13:15:08.487

Modified: 2022-06-29T13:06:34.283

Link: CVE-2022-33119

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nuuo:nvrsolo_firmware:03.06.02:*:*:*:*:*:*:*", "matchCriteriaId": "AF4F8B71-A176-4D75-8F85-2F8D6EF31FD9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nuuo:nvrsolo:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E65B459-F53C-4687-9C6A-8D10399F4FC5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php."}, {"lang": "es", "value": "Se ha detectado que NUUO Network Video Recorder NVRsolo versi\u00f3n v03.06.02, conten\u00eda una vulnerabilidad de tipo cross-site scripting (XSS) reflejada por medio del archivo login.php"}], "id": "CVE-2022-33119", "lastModified": "2022-06-29T13:06:34.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-21T13:15:08.487", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/badboycxcc/nuuo-xss/blob/main/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}