CVE-2026-7371

Name of the Vulnerable Software and Affected Versions GeoVision LPC2011/LPC2211 version 1.10

Description Multiple reflected cross-site scripting (XSS) issues exist in the Web Interface / 'ssi.cgi' functionality. A reflected XSS occurs when an application includes untrusted data in a web page without proper validation, allowing an attacker to execute malicious scripts in the victim's browser. In this case, a specially crafted URL, specifically through the error message generated when requesting a non-existing page, can lead to arbitrary JavaScript code execution.

Recommendations As a temporary workaround, restrict access to the 'ssi.cgi' functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.