CVE-2026-6824

Sažetak

A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators or users access affected pages, the stored scripts are executed in their browsers, leading to potential session hijacking, unauthorized actions, or data theft.

Reference

https://drive.google.com/file/d/1Ctxdp55UtlrQY7CSepkImM9zFgdcuCyL/view
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-05.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-05

CVSS

Base:	8.4
Impact:	6.0
Exploitability:	1.7

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Zadnje važnije ažuriranje

01-06-2026 - 17:07

Objavljeno

29-05-2026 - 18:17