CVE-2011-5261

Name of the Vulnerable Software and Affected Versions Axis M10 Series Network Cameras M1054 firmware versions prior to 5.21

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to "admin/showReport.shtml" API endpoint.

Recommendations For firmware versions prior to 5.21, update to a version later than 5.21 to resolve the issue. As a temporary workaround, consider restricting access to the "admin/showReport.shtml" API endpoint and avoid using the pageTitle parameter until the issue is resolved.