Roman Stevanak

**Name of the Vulnerable Software and Affected Versions** exacqVision Enterprise Manager version 20.12 **Description** The issue arises from insufficient validation, filtering, escaping, and/or encoding of user-controllable input before it is placed in output that is used as a web page served to other users. This could potentially lead to security issues, but specific details about the estimated number of affected devices or real-world incidents are not provided. **Recommendations** For exacqVision Enterprise Manager version 20.12, consider implementing proper input validation, filtering, escaping, and encoding to prevent potential security issues. As a temporary workaround, restrict access to user-controllable input fields until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** exacqVision Web Service version 21.03 **Description** The issue arises from insufficient validation, filtering, escaping, and/or encoding of user-controllable input before it is placed in output that is used as a web page served to other users. This can potentially lead to security issues when this output is served to other users. **Recommendations** For exacqVision Web Service version 21.03, consider implementing proper input validation, filtering, escaping, and encoding mechanisms to prevent malicious input from being executed. As a temporary workaround, restrict access to user-controllable input fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.