Cross-Site Scripting Vulnerability in Mobotix M15 by Mobotix
CVE-2025-0576

4.3MEDIUM

Key Information:

Vendor: Mobotix
Status: Mobotix M15
Vendor: CVE Published:; 20 January 2025

Summary

A vulnerability in Mobotix M15 version 4.3.4.83 allows attackers to exploit the file handling of specific arguments. Manipulation of the 'p_qual' parameter can lead to reflected cross-site scripting attacks, enabling unauthorized access to user data or session hijacking. The threat can be initiated remotely, amplifying its risk. Despite early disclosure to the vendor, no response has been reported, leaving the exploit publicly accessible.

References

https://vuldb.com/?ctiid.292541

https://vuldb.com/?id.292541

https://vuldb.com/?submit.475602

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2025