CVE-2026-7371

MEDIUM EPSS 9.5%

Published May 4, 20261mo ago · Modified Jun 17, 20261w ago

6.1 CVSS 3.1

Medium

Published May 4, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Reflected XXS via the error message for requesting non-existing page.

CVSS Details

Base Score

6.1

Exploitability

2.8

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

9.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 4

Vendor	Product	Version	Range
geovision	gv-lpc2011_firmware	1.10	any
geovision	gv-lpc2011	*	any
geovision	gv-lpc2211_firmware	1.10	any
geovision	gv-lpc2211	*	any

References 2

talosintelligence.com https://talosintelligence.com/vulnerability_reports/

Third Party Advisory
geovision.com.tw https://www.geovision.com.tw/cyber_security.php

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.