Linksys Web Camera Software Next_file Parameter Cross-Site Scripting Vulnerability

It is reported that Linksys Web Camera software is prone to a cross-site scripting vulnerability that may allow a remote attacker to steal cookie-based authentication credentials or carry out other attacks.

The problem presents itself when an attacker passes malicious HTML or script code to the application via the 'next_file' parameter of the 'main.cgi' script.

Linksys Web Camera software version 2.10 is reportedly prone to this issue, however, it is possible that other versions are affected as well.


Privacy Statement
Copyright 2010, SecurityFocus