WebCam Watchdog sresult.exe XSS

Medium Nessus Plugin ID 14186


Synopsis

The remote web server contains a CGI application that is prone to a cross-site scripting attack.

Description

The remote host is running WebCamSoft's watchdog software. There is a CGI script included in this software suite ('sresult.exe') that fails to sanitize user-supplied input to the 'cam' parameter before using it to generate dynamic output. An attacker may exploit this issue to steal cookie-based credentials from a legitimate user of this site.

Solution

Unknown at this time.

Plugin Details

Severity: Medium

ID: 14186

File Name: webcam_watchdog_result_xss.nasl

Version: $Revision: 1.19 $

Type: remote

Published: 2004/08/02

Modified: 2015/01/16

Dependencies: 10107, 10815

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:webcam_corp:webcam_watchdog

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2004/07/29

Reference Information

CVE: CVE-2004-2528

BID: 10837

OSVDB: 8260

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990