Improvements and security updates
Fixed a display error for the camera overview page. In some cases the picture frame was missing.
Comprehensive security update to address the following vulnerabilities for authenticated web users (users who have a username and password and can log in to the system. Without a username and password, the vulnerabilities cannot be abused):
Fixed Cross-Side Scripting (XSS) vulnerabilities in various web pages. Authenticated users were able to abuse cross-side scripting holes.
Fixed SQL injection vulnerabilities in various websites. Authenticated user could abuse SQL injection vulnerability.
Fixed backup file vulnerability. Authenticated users were able to carry out various misuse scenarios using the backup function.
Fixed a Cross-Site Request Forgery (CSRF) vulnerability. Authenticated users with administrator rights could be undesirably persuaded to create user accounts or change passwords.
Fixed a vulnerability in the Create SSL certificates via web interface function. A vulnerability allowed authenticated users to execute third-party code.
New Video Surveillance Version 5.30 Security Updates
Moderator: michaelr
