Reflected Cross-Site Scripting Vulnerabilities in GeoVision Web Interface
CVE-2026-7371

7.4 HIGH

Key Information:

Vendor
CVE Published: 4 May 2026

What is CVE-2026-7371?

Multiple reflected cross-site scripting (XSS) vulnerabilities have been identified in the web interface of GeoVision LPC2011 and LPC2211 devices. The vulnerabilities are in the ssi.cgi functionality, where a specially crafted URL can lead to the execution of arbitrary JavaScript code. An attacker exploits the weakness by tricking a user into clicking such a URL, which runs the attacker's script in the user's browser and can compromise the user's session or other sensitive data. The reflected XSS can be triggered through the error messages generated when a non-existent page is requested, so users should apply appropriate security measures.

Affected Version(s)

GV-LPC2011/LPC2211 Linux V1.10

GV-LPC2011/LPC2211 Linux V1.20

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Philippe Laulheret of Cisco Talos.
Kelly Patterson of Cisco Talos.
Martin Zeiser of Cisco Talos.