Cyber Posture

CVE-2026-7371

Severity: High
Published: 04 May 2026
Modified: 05 May 2026
KEV Added:
Patch:
CVSS Score: 7.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)
EPSS Score: 0.0004 (13.3rd percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-7371 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Geovision Gv-Lpc2011 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 13.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

- prevent: Directly mitigates reflected XSS in error messages by requiring generic error responses that do not disclose system state or reflect untrusted input.
- prevent: Prevents arbitrary JavaScript execution from crafted URLs by filtering outputs in the web interface, including error pages.
- prevent: Validates inputs from malicious URLs to the ssi.cgi functionality, blocking payloads that could lead to XSS execution.

MITRE ATT&CK Enterprise Techniques (AI-generated)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059.007 JavaScript (Execution): Adversaries may abuse various implementations of JavaScript for execution.
- T1539 Steal Web Session Cookie (Credential Access): An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
- T1566.002 Spearphishing Link (Initial Access): Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
Why these techniques?

Reflected XSS in a public-facing web interface directly enables T1190 exploitation; it triggers arbitrary JavaScript execution (T1059.007) and facilitates session cookie theft (T1539); crafted malicious URLs are typically delivered via spearphishing links (T1566.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Reflected XSS via the error message for requesting a non-existing page.

Deeper analysis (AI-generated)

CVE-2026-7371 describes multiple reflected cross-site scripting (XSS) vulnerabilities in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 version 1.10. These flaws allow a specially crafted malicious URL to trigger arbitrary JavaScript code execution within a victim's browser. The issue specifically arises from reflected XSS in the error message displayed when requesting a non-existing page.

An unauthenticated attacker with network access can exploit this vulnerability by providing a crafted URL to a target user; user interaction such as clicking a link or visiting the malicious page is required (UI:R). Successful exploitation leads to JavaScript execution in the context of the web interface, with the impact extending beyond the vulnerable component (S:C), resulting in high confidentiality impact (C:H) through potential theft of sensitive data such as session cookies or credentials, with no impact on integrity or availability (I:N/A:N). The vulnerability has a CVSS v3.1 base score of 7.4 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N) and is associated with CWE-79.

Mitigation details are available in advisories from Talos Intelligence (https://talosintelligence.com/vulnerability_reports/) and GeoVision's cyber security page (https://www.geovision.com.tw/cyber_security.php). Security practitioners should consult these resources for patch information or workarounds specific to the affected GeoVision devices.
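As an added illustration (not code from the advisory, Talos, or GeoVision) of the error-handling weakness the analysis describes and of the SI-11 (generic error response) and SI-10 (encode before output) fixes, the Python below compares a 404 handler that reflects the requested path verbatim with a generic response and an HTML-encoded one, plus a check that flags reflected markup. The handler names and the sample path are hypothetical.

```python
import html
from urllib.parse import unquote

# Constructed sample request: a URL for a page that does not exist on the
# device, carrying characters that an HTML parser treats as markup.
SAMPLE_PATH = "/ssi.cgi/no-such-page<tag>"


def not_found_reflecting(raw_path: str) -> str:
    """Weak pattern: the decoded request path is pasted verbatim into the 404
    body, so markup in the URL becomes markup in the page. Kept only to show
    what the two hardened handlers below remove."""
    return (
        "<html><body><h1>Not Found</h1>"
        f"<p>{unquote(raw_path)} not found</p></body></html>"
    )


def not_found_generic() -> str:
    """SI-11 style: a fixed error body that reflects nothing from the request
    and discloses no system state."""
    return (
        "<html><body><h1>Not Found</h1>"
        "<p>The requested page does not exist.</p></body></html>"
    )


def not_found_escaped(raw_path: str) -> str:
    """SI-10 style: if the path must be echoed, encode it for the HTML element
    context so '<', '>', '&' and quotes render as text, not markup."""
    safe = html.escape(unquote(raw_path), quote=True)
    return (
        "<html><body><h1>Not Found</h1>"
        f"<p>{safe} not found</p></body></html>"
    )


def reflects_markup(body: str, raw_path: str) -> bool:
    """Detection check for a response: True when the decoded path contains
    angle brackets and appears in the body with them intact, i.e. the handler
    is reflecting request-controlled markup unencoded."""
    decoded = unquote(raw_path)
    if "<" not in decoded and ">" not in decoded:
        return False
    return decoded in body
```

The same check can be run against a captured response from any handler that builds error pages from the request URL, not only a 404.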

Details

CWE(s)

- CWE-79 (Cross-site Scripting)

Affected Products

- geovision gv-lpc2011 firmware 1.10
- geovision gv-lpc2211 firmware 1.10

CVEs Like This One

- CVE-2026-42366: same product (Geovision Gv-Lpc2011)
- CVE-2026-42365: same product (Geovision Gv-Lpc2011)
- CVE-2026-42364: same product (Geovision Gv-Lpc2011)
- CVE-2026-42368: same product (Geovision Gv-Lpc2011)
- CVE-2025-67952: shared CWE-79
- CVE-2026-25342: shared CWE-79
- CVE-2025-68842: shared CWE-79
- CVE-2026-25354: shared CWE-79
- CVE-2025-23621: shared CWE-79
- CVE-2026-34563: shared CWE-79

References