CVE-2026-7371
Published: 04 May 2026
Description
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Reflected XSS via the error message returned when a non-existing page is requested.
Mitigating Controls (NIST 800-53 r5)
- SI-11 Error Handling: directly mitigates reflected XSS in error messages by requiring generic error responses that neither disclose system state nor reflect untrusted input.
- SI-15 Information Output Filtering: prevents arbitrary JavaScript execution from crafted URLs by encoding or filtering output in the web interface, including error pages.
- SI-10 Information Input Validation: validates input reaching the ssi.cgi functionality and rejects payloads that could lead to XSS execution.
Security Summary
CVE-2026-7371 describes multiple reflected cross-site scripting (XSS) vulnerabilities in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 version 1.10. These flaws allow a specially crafted malicious URL to trigger arbitrary JavaScript code execution within a victim's browser. The issue specifically arises from reflected XSS in the error message displayed when requesting a non-existing page.
An unauthenticated attacker with network access (AV:N/PR:N) can exploit this vulnerability by getting a target user to open a crafted URL, so user interaction is required (UI:R). Successful exploitation leads to JavaScript execution in the victim's browser within the origin of the device's web interface; because the vulnerable component (the web server) differs from the impacted component (the user's browser), scope is changed (S:C). The impact is high confidentiality (C:H), for example theft of session cookies or credentials, with no integrity or availability impact (I:N/A:N). The vulnerability has a CVSS v3.1 base score of 7.4 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N) and is classified as CWE-79.
Mitigation details are available in advisories from Talos Intelligence (https://talosintelligence.com/vulnerability_reports/) and GeoVision's cyber security page (https://www.geovision.com.tw/cyber_security.php). Security practitioners should consult these resources for patch information or workarounds specific to the affected GeoVision devices.
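The vulnerable pattern and its hardened counterpart, as an added Python example that is neither GeoVision firmware nor code from the advisories above. The handler names, the KNOWN_PAGES set, the host name camera.example and the allow-list pattern are assumptions; only the pattern itself (the requested path echoed into a "page not found" message) comes from the description on this page. The hardened handler applies the three controls listed above: a generic message when the path is outside the allow-list, entity encoding when it is reflected, and input validation on what may be reflected at all.

```python
# Added example (not GeoVision firmware or Talos code). Shows the pattern the
# advisory describes, an unescaped request path echoed into a "page not found"
# message, beside a hardened handler. Handler names, KNOWN_PAGES and the host
# name are hypothetical.
import html
import re
from urllib.parse import unquote, urlsplit

# Constructed stand-in for the device's real page table.
KNOWN_PAGES = {"/index.html", "/status.html"}

# Allow-list for paths that may be echoed back at all (SI-10 style input
# validation): slash-separated names from a conservative character set.
SAFE_PATH_RE = re.compile(r"/[A-Za-z0-9_./-]{0,128}")


def vulnerable_not_found(path: str) -> str:
    """Vulnerable pattern: untrusted path concatenated into HTML unescaped."""
    return f"<html><body><h1>Error</h1><p>Page {path} not found</p></body></html>"


def hardened_not_found(path: str) -> str:
    """Hardened pattern:
    - paths outside the allow-list get a generic message (SI-11, no reflection);
    - paths inside it are HTML-entity encoded before reflection (SI-15), which
      is belt-and-braces since the allow-list already excludes metacharacters."""
    if SAFE_PATH_RE.fullmatch(path):
        shown = html.escape(path, quote=True)
        return f"<html><body><h1>Error</h1><p>Page {shown} not found</p></body></html>"
    return "<html><body><h1>Error</h1><p>Page not found</p></body></html>"


def serve(url: str, not_found_handler) -> str:
    """Tiny dispatcher: percent-decode the path (as a CGI would), serve known
    pages, hand everything else to the error handler."""
    path = unquote(urlsplit(url).path)
    if path in KNOWN_PAGES:
        return f"<html><body>{html.escape(path)} ok</body></html>"
    return not_found_handler(path)


def is_reflected_unescaped(body: str, probe: str) -> bool:
    """The check a practitioner runs against a live response: does the probe
    string come back verbatim (not entity-encoded)?"""
    return probe in body


PROBE = "<script>alert(1)</script>"  # constructed test payload
# Percent-encoded form, as it would travel inside a crafted link.
PROBE_URL = "http://camera.example/ssi.cgi/%3Cscript%3Ealert(1)%3C/script%3E"

if __name__ == "__main__":
    print("vulnerable reflects:", is_reflected_unescaped(serve(PROBE_URL, vulnerable_not_found), PROBE))
    print("hardened reflects:  ", is_reflected_unescaped(serve(PROBE_URL, hardened_not_found), PROBE))
```

Note that the dispatcher percent-decodes before the handler runs, so an encoded probe in the link still lands as raw markup in the vulnerable error body; any fix has to encode at output time, after decoding, not reject encoded input at the edge.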
Details
- CWE(s): CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting')
- Affected Products: GeoVision LPC2011/LPC2211, version 1.10 (Web Interface / ssi.cgi)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
- T1190 Exploit Public-Facing Application: the reflected XSS sits in the device's public-facing web interface.
- T1059.007 Command and Scripting Interpreter: JavaScript: the crafted URL results in arbitrary JavaScript execution in the victim's browser.
- T1539 Steal Web Session Cookie: script running in the web interface's origin can exfiltrate session cookies.
- T1566.002 Phishing: Spearphishing Link: crafted malicious URLs are typically delivered to the target user as a link.
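A log-side check for the crafted-URL delivery these techniques describe, as an added Python example (not GeoVision or Talos code). It flags requests to ssi.cgi whose percent-decoded target carries HTML or JavaScript metacharacters. The access-log lines are constructed in common log format; the device's real log format and retention are assumptions.

```python
# Added example (not GeoVision or Talos code): flag requests to ssi.cgi whose
# percent-decoded target carries HTML/JavaScript metacharacters, the shape of
# the crafted URL this CVE needs. The log format (common log format) and the
# sample lines are constructed; the device's real log format is an assumption.
import re
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Substrings that have no business in a path to a static page handler.
XSS_MARKERS = ("<", ">", '"', "'", "javascript:", "onerror=", "onload=")

# Constructed access-log lines; 203.0.113.7 sends two probes, one of them
# double-encoded.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/May/2026:10:15:01 +0000] "GET /ssi.cgi/%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 404 512',
    '198.51.100.2 - - [04/May/2026:10:15:03 +0000] "GET /ssi.cgi/status.html HTTP/1.1" 200 2048',
    '203.0.113.7 - - [04/May/2026:10:15:09 +0000] "GET /ssi.cgi/x%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 404 530',
    '192.0.2.9 - - [04/May/2026:10:16:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def decode_target(target: str) -> str:
    """Percent-decode until stable (bounded) so double-encoded payloads
    such as %253C -> %3C -> < are not missed."""
    cur = target
    for _ in range(3):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def looks_like_xss_probe(target: str) -> bool:
    """True for a request to ssi.cgi whose decoded target contains a marker."""
    decoded = decode_target(target).lower()
    return "/ssi.cgi" in decoded and any(m in decoded for m in XSS_MARKERS)


def flag_probes(lines):
    """Return (client_ip, status, decoded_target) for every suspicious line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and looks_like_xss_probe(m["target"]):
            hits.append((m["ip"], m["status"], decode_target(m["target"])))
    return hits


if __name__ == "__main__":
    for ip, status, target in flag_probes(SAMPLE_LOG):
        print(ip, status, target)
```

Two caveats when reading the hits. Because the reflection lives in the not-found error, probes will usually show a 404 status, which is a useful secondary filter. And since delivery is a spearphishing link, the client IP in a hit is the victim's browser, not the attacker's; the attacker's infrastructure only appears in whatever the injected script calls out to.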