CVE-2018-7827

A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session.

Published: May 22, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-7827
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
schneider-electric / d6220_firmware	2.11	2.11.x
schneider-electric / d6220l_firmware	2.11	2.11.x
schneider-electric / d6230_firmware	2.11	2.11.x
schneider-electric / d6230l_firmware	2.11	2.11.x
schneider-electric / imes19-1i_firmware	-	2.2.3.0
schneider-electric / imes19-1s_firmware	-	2.2.3.0
schneider-electric / imes19-1p_firmware	-	2.2.3.0
schneider-electric / ime119-1i_firmware	-	2.2.3.0
schneider-electric / ime119-1s_firmware	-	2.2.3.0
schneider-electric / ime119-1p_firmware	-	2.2.3.0
schneider-electric / ime219-1i_firmware	-	2.2.3.0
schneider-electric / ime219-1s_firmware	-	2.2.3.0
schneider-electric / ime219-1p_firmware	-	2.2.3.0
schneider-electric / ime319-1i_firmware	-	2.2.3.0
schneider-electric / ime319-1s_firmware	-	2.2.3.0
schneider-electric / ime319-1p_firmware	-	2.2.3.0
schneider-electric / ime319-b1i_firmware	-	2.2.3.0
schneider-electric / ime319-b1s_firmware	-	2.2.3.0
schneider-electric / ime319-b1p_firmware	-	2.2.3.0
schneider-electric / ime3122-1i_firmware	-	2.2.3.0
schneider-electric / ime3122-b1i_firmware	-	2.2.3.0
schneider-electric / ime3122-1s_firmware	-	2.2.3.0
schneider-electric / ime3122-b1s_firmware	-	2.2.3.0
schneider-electric / ime3122-1p_firmware	-	2.2.3.0
schneider-electric / ime3122-b1p_firmware	-	2.2.3.0
schneider-electric / imes19-1ei_firmware	-	2.2.3.0
schneider-electric / imes19-1es_firmware	-	2.2.3.0
schneider-electric / imes19-1ep_firmware	-	2.2.3.0
schneider-electric / ime119-1ei_firmware	-	2.2.3.0
schneider-electric / ime119-1es_firmware	-	2.2.3.0
schneider-electric / ime119-1ep_firmware	-	2.2.3.0
schneider-electric / ime219-1ei_firmware	-	2.2.3.0
schneider-electric / ime219-1es_firmware	-	2.2.3.0
schneider-electric / ime219-1ep_firmware	-	2.2.3.0
schneider-electric / ime319-1ei_firmware	-	2.2.3.0
schneider-electric / ime319-1es_firmware	-	2.2.3.0
schneider-electric / ime319-1ep_firmware	-	2.2.3.0
schneider-electric / ime3122-1ei_firmware	-	2.2.3.0
schneider-electric / ime3122-1es_firmware	-	2.2.3.0
schneider-electric / ime3122-1ep_firmware	-	2.2.3.0
schneider-electric / imes19-1vi_firmware	-	2.2.3.0
schneider-electric / imes19-1vs_firmware	-	2.2.3.0
schneider-electric / imes19-1vp_firmware	-	2.2.3.0
schneider-electric / ime119-1vi_firmware	-	2.2.3.0
schneider-electric / ime119-1vs_firmware	-	2.2.3.0
schneider-electric / ime119-1vp_firmware	-	2.2.3.0
schneider-electric / ime219-1vi_firmware	-	2.2.3.0
schneider-electric / ime219-1vs_firmware	-	2.2.3.0
schneider-electric / ime219-1vp_firmware	-	2.2.3.0
schneider-electric / ime319-1vi_firmware	-	2.2.3.0
schneider-electric / ime319-1vs_firmware	-	2.2.3.0
schneider-electric / ime319-1vp_firmware	-	2.2.3.0
schneider-electric / ime3122-1vi_firmware	-	2.2.3.0
schneider-electric / ime3122-1vs_firmware	-	2.2.3.0
schneider-electric / ime3122-1vp_firmware	-	2.2.3.0
schneider-electric / ixes1_firmware	-	2.2.3.0
schneider-electric / ixe11_firmware	-	2.2.3.0
schneider-electric / ixe21_firmware	-	2.2.3.0
schneider-electric / ixe31_firmware	-	2.2.3.0

https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/

Vulnerability Database

289,697

CVE-2018-7827