CVE-2026-7371
HIGHGeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vulnerabilities
Title source: cnaDescription
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Reflected XXS via the error message for requesting non-existing page.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://www.geovision.com.tw/cyber_security.php
Third Party Advisory third-party-advisory
https://talosintelligence.com/vulnerability_reports/
Scores
CVSS v3
7.4
EPSS
0.0004
EPSS Percentile
12.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (4)
geovision/gv-lpc2011_firmware
1.10
geovision/gv-lpc2211_firmware
1.10
GeoVision Inc./GV-LPC2011/LPC2211
V1.10
GeoVision Inc./GV-LPC2011/LPC2211
V1.20
Published
May 04, 2026
Tracked Since
May 04, 2026