MEDIUM
Uniview
CVE published 2024-06-04
CVE-2024-3850
CVE-2024-3850 is a reflected cross-site scripting (XSS) vulnerability in the Uniview NVR301-04S2-P4 network video recorder. The flaw exists in pages under the /LAPI/ directory and affects both authenticated and unauthenticated interfaces. An attacker could craft a malicious URL that, when clicked by a victim, executes arbitrary JavaScript in the browser context. The vulnerability was disclosed by CISA on [truncated]