CVE-2024-3850

MEDIUM NUCLEI

Uniview Nvr301-04s2-p4 Firmware - XSS

Title source: rule

Description

Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained.

Nuclei Templates (1)

Uniview NVR301-04S2-P4 - Cross-Site Scripting

MEDIUMVERIFIEDby Bleron Rrustemi,r3naissance

FOFA: title="NVR301-04-P4"

References (2)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01

[Various Sources] https://github.com/r3naissance/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3850.yaml

View Writeup ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.1190

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

uniview/nvr301-04s2-p4_firmware < nvr-b3801.20.17.240507

Published Jun 10, 2024

Tracked Since Feb 18, 2026