PT-2020-2445 · Unknown · Sinvr 3 Video Server+2

Published: 2020-03-10 · Updated: 2024-01-09 · CVE-2019-19293

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Control Center Server (CCS) versions prior to V1.5.0
SiNVR 3 Central Control Server (all versions)
SiNVR 3 Video Server (all versions)

Description

A reflected Cross-site Scripting (XSS) vulnerability has been identified in the web interface of the Control Center Server (CCS) and SiNVR 3 Central Control Server. This vulnerability could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface. The issue is related to the lack of input data sanitization, which may enable a remote attacker to gain unauthorized access to protected information or perform arbitrary actions on the vulnerable device.

Recommendations

For Control Center Server (CCS) versions prior to V1.5.0, update to version V1.5.0 or later to resolve the issue.

For SiNVR 3 Central Control Server and SiNVR 3 Video Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

As a temporary workaround, consider restricting access to the web interface of the Control Center Server to minimize the risk of exploitation.

XSS

Weakness Enumeration

Related Identifiers

BDU:2020-02455
CVE-2019-19293

Affected Products

Control Center Server
Sinvr 3 Central Control Server
Sinvr 3 Video Server