Vulnerabilities > Milesight > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-05 | CVE-2023-43260 | Cross-site Scripting vulnerability in Milesight products Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. | 6.1 |
| 2023-07-06 | CVE-2023-23547 | Path Traversal vulnerability in Milesight Ur32L Firmware 32.3.0.5 A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. | 6.5 |
| 2023-07-06 | CVE-2023-24496 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Milesight Milesightvpn 2.0.2 Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. | 4.7 |
| 2019-10-25 | CVE-2016-2360 | Use of Hard-coded Credentials vulnerability in Milesight IP Security Camera Firmware Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | 5.0 |
| 2019-10-25 | CVE-2016-2358 | Use of Hard-coded Credentials vulnerability in Milesight IP Security Camera Firmware Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. | 5.0 |
| 2019-10-25 | CVE-2016-2357 | Use of Hard-coded Credentials vulnerability in Milesight IP Security Camera Firmware Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | 5.0 |