Vulnerability Description
An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bosch | Bosch Video Management System | <= 9.0 |
| Bosch | Video Recording Manager | <= 3.81 |
| Bosch | Divar Ip 5000 Firmware | - |
| Bosch | Divar Ip 7000 Firmware | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.htmlVendor Advisory
- https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.htmlVendor Advisory
FAQ
What is CVE-2021-23860?
CVE-2021-23860 is a vulnerability with a CVSS score of 5.0 (MEDIUM). An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that...
How severe is CVE-2021-23860?
CVE-2021-23860 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23860?
Check the references section above for vendor advisories and patch information. Affected products include: Bosch Bosch Video Management System, Bosch Video Recording Manager, Bosch Divar Ip 5000 Firmware, Bosch Divar Ip 7000 Firmware.