Primary

Context

FLIR AX8 Cross-Site Scripting Vulnerability in prod.php

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the FLIR AX8 camera, affecting versions up to 1.46.16. The issue arises in the file prod.php, where the cmd parameter can be manipulated to inject malicious scripts. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to prod.php with a crafted cmd parameter that includes a script tag. For example, include a script tag with JavaScript code, such as an alert, to demonstrate the XSS payload.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

1.7

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

1.7

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

FLIR AX8 Cross-Site Scripting Vulnerability in prod.php

Vulnerability

Impact

Reproduction

Affected Products

FLIR AX8

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating