Vulnerability Details CVE-2026-42366
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.0%
CVSS Severity
CVSS v3 Score 7.4
References
Products affected by CVE-2026-42366
-
cpe:2.3:h:geovision:gv-lpc2011:-
-
cpe:2.3:h:geovision:gv-lpc2211:-
-
cpe:2.3:o:geovision:gv-lpc2011_firmware:1.10
-
cpe:2.3:o:geovision:gv-lpc2211_firmware:1.10