CVE-2026-6824EPSS p40.4%

CVE-2026-6824CVE-2026-6824

Description

A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators or users access affected pages, the stored scripts are executed in their browsers, leading to potential session hijacking, unauthorized actions, or data theft.

Scoring

CVSS 8.4 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS0.53% probability of exploitation · percentile 40.4% · 2026-06-19T12:03:05Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-3626
CVE
CVE-2026-20764
CVE
CVE-2026-2101
CVE
CVE-2026-34176
CVE
CVE-2026-25786
CVE
CVE-2025-10264
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.