CVE-2026-6995: Cross-Site Scripting Envelope Vulnerability in BDCOM P3310D 0.4.2
BDCOM Security Systems has disclosed a security vulnerability (CVE-2026-6995) in its New User Page component that allows remote cross-site scripting attacks.
Vulnerability Description
A security flaw discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345 affects the New User Page application. An unknown function within /index.asp accepts a "User name" argument, where manipulation results in cross-site scripting (XSS).
The vulnerability allows remote attackers to inject malicious scripts into user input fields. This is particularly dangerous as it enables session hijacking and potential data exfiltration.
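The flaw class described above, shown as an added example that is not BDCOM's code: a user-name value concatenated into markup unchanged, next to an allow-list check at input and HTML encoding at output. The function names, the allow-list pattern, and the assumption that the stored name is later rendered in an HTML table are illustrative and do not come from the advisory.

```javascript
// Added example: hypothetical handler logic, not BDCOM firmware code.

// Allow-list for account names: letters, digits, dot, underscore, hyphen, 1-32 chars.
// (Character set and length limit are assumptions; adjust to local policy.)
const USER_NAME_RE = /^[A-Za-z0-9._-]{1,32}$/;

function isValidUserName(name) {
  return typeof name === "string" && USER_NAME_RE.test(name);
}

// Encode the five characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the submitted value is concatenated into markup unchanged.
function renderUserRowUnsafe(name) {
  return "<tr><td>" + name + "</td></tr>";
}

// Hardened pattern: encode at output, regardless of what input validation did.
function renderUserRowSafe(name) {
  return "<tr><td>" + escapeHtml(name) + "</td></tr>";
}

// Input-side gate: reject names outside the allow-list before they are stored.
function createUser(store, name) {
  if (!isValidUserName(name)) {
    return { ok: false, error: "invalid user name" };
  }
  store.push(name);
  return { ok: true };
}

// Constructed sample inputs (not taken from any advisory or capture).
const SAMPLE_BENIGN = "ops_admin-01";
const SAMPLE_MARKUP = '<img src=x onerror="alert(1)">';
```

Output encoding is the control that holds even when a value bypasses the input check, for example a name written to the configuration through another interface.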
Affected Systems
| Software Type | Version | Signature | CVE Priority |
|---|---|---|---|
| BDCOM P3310D System | 0.4.2 10.1.0F Build 86345 | N/A | CVE-2026-6995 |
| BDCOM Web Application | Unknown | Unknown | CVE-2026-6995 (New User Page) |
Impact and Exploitability
The vulnerability allows remote attackers to execute arbitrary scripts via user input manipulation.
| CVSS Score | Vector | Risk Level | Type |
|---|---|---|---|
| 2.4 | CVSS:3.1/A CVSS: 2.4. | LOW | CVE-2026-6995 |
Indicators of Compromise (IOCs)
No public indicators of compromise are available.
Mitigation and Patches
Updates are available from BDCOM Security Systems.