CVE-2021-23860

An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
boschCNA
5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
boschbosch_video_management_system
𝑥
≤ 9.0
boschbosch_video_management_system
10.0 ≤
𝑥
< 10.0.2
boschbosch_video_management_system
10.1
boschbosch_video_management_system
11.0
boschvideo_recording_manager
𝑥
≤ 3.81
boschvideo_recording_manager
3.82 ≤
𝑥
≤ 3.82.0057
boschvideo_recording_manager
3.83 ≤
𝑥
≤ 3.83.0021
boschvideo_recording_manager
4.0 ≤
𝑥
≤ 4.00.0070
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html