Manh Doan Duc

Name of the Vulnerable Software and Affected Versions: HikCentral Master Lite (affected versions not specified) Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability, which could allow an attacker to inject scripts into certain pages by creating malicious data. This vulnerability is associated with the failure to protect the structure of web pages, potentially enabling a remote attacker to conduct inter-site script attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HikCentral Professional versions prior to 2.6.0 Description: The issue is related to a SQL injection vulnerability. This could allow an authenticated user to execute arbitrary SQL queries. The vulnerability is remotely exploitable. Recommendations: For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL query functionality until a patch is available. Avoid using user-input data in SQL queries to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: HikCentral Master Lite versions (affected versions not specified) Description: The issue is related to a CSV injection vulnerability. This vulnerability can be exploited to allow an attacker to create malicious data and generate executable commands in the CSV file. The exploitation of this vulnerability may enable an attacker to execute arbitrary commands. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.