CVE-2024-48410
Description
Cross Site Scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitrary code via the login.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Camtrace v9.16.2.1 login.php contains a reflected XSS flaw allowing remote code execution via injected payloads.
Vulnerability
Description
The login.php component in Camtrace version 9.16.2.1 suffers from a reflected Cross-Site Scripting (XSS) vulnerability. The application does not properly sanitize user-supplied input passed via the login GET parameter, allowing an attacker to inject arbitrary HTML or JavaScript code. This flaw exists in all publicly available versions of the software [1].
Exploitation
An attacker can exploit the vulnerability by crafting a malicious URL that embeds an XSS payload in the login field. For example, requesting http://target/login/login.php?login=test'>test triggers the script execution in the victim's browser under the security context of the vulnerable site. No special privileges are required beyond network access to the application and inducing a user to click the crafted link [1].
Impact
Successful exploitation can lead to arbitrary code execution within the browser session of the targeted user. This can be leveraged to steal session cookies, perform actions on behalf of the victim, or escalate privileges if the victim has higher access rights. Attackers can also use publicly available fingerprinting tools (e.g., Shodan) to find exposed Camtrace instances [1].
Mitigation
The vendor has not yet released a patch for version 9.16.2.1. As a workaround, administrators should employ web application firewall (WAF) rules to filter malicious script payloads or perform input validation on the login parameter. Affected organizations should monitor for updates from Camtrace [1].
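As an added example (not part of this advisory or of Camtrace's own code), the check below shows both halves of the defensive picture for this flaw: a log scan that spots requests carrying markup-breaking characters in the `login` parameter of `login.php`, and the HTML encoding a fixed page would need to apply before reflecting that value. The access-log lines are constructed; the path and parameter name are taken from the advisory.

```python
import re
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic). The second request
# carries the probe string quoted in the advisory, percent-encoded as a browser sends it.
SAMPLE_LOG = """\
10.0.0.5 - - [20/May/2026:10:00:01 +0000] "GET /login/login.php?login=alice HTTP/1.1" 200 512
10.0.0.9 - - [20/May/2026:10:00:02 +0000] "GET /login/login.php?login=test%27%3Etest HTTP/1.1" 200 530
10.0.0.7 - - [20/May/2026:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 100
"""

# Pull the client IP and request target out of a common-log-format line.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Characters that let a reflected value break out of HTML text or an attribute.
BREAKOUT_RE = re.compile(r"""[<>"']""")


def login_values(log_text):
    """Yield (client_ip, decoded login value) for each request to login.php."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/login.php"):
            continue
        # parse_qs percent-decodes, so we see what login.php itself would reflect.
        for value in parse_qs(url.query).get("login", []):
            yield m.group("ip"), value


def flag_suspicious(log_text):
    """Return (ip, value) pairs whose login value contains markup-breaking characters."""
    return [(ip, v) for ip, v in login_values(log_text) if BREAKOUT_RE.search(v)]


def safe_reflect(value):
    """Encode a login value for safe insertion into HTML text or a quoted attribute.

    This is the treatment the vulnerable page lacks: the same characters the
    detector flags become entities, so the browser renders them as text.
    """
    return escape(value, quote=True)


if __name__ == "__main__":
    for ip, value in flag_suspicious(SAMPLE_LOG):
        print(f"{ip} probed login.php with {value!r} -> rendered safely as {safe_reflect(value)!r}")
```

Running the file prints the single probing request from the constructed log; the same `safe_reflect` treatment is what server-side input validation or a WAF rule is standing in for until a vendor fix arrives.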
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 1
News mentions: 0
No linked articles in our index yet.