[原文]Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file.
TrackerCam Login Log File Arbitrary HTML Injection
Remote / Network Access
Loss of Integrity
TrackerCam contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that login requests are logged without sanitization, allowing an attacker to inject arbitrary HTML or scripting in the username / password fields. When the logs are reviewed by an administrator via the TrackerCam interface, the HTML and/or script will be rendered in the admin's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.