CVE-2021-47729 - Vulnerability Details

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted payload to execute arbitrary scripts in victim's browser session.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Selea	Carplateserver Izero Box Full Izero Box Full Firmware Izero Column Entry\/8 Izero Column Entry\/8 Firmware Izero Column Full\/8 Izero Column Full\/8 Firmware Targa 504 Targa 504 Firmware Targa 512 Targa 512 Firmware Targa 704 Ilb Targa 704 Ilb Firmware Targa 704 Tkm Targa 704 Tkm Firmware Targa 710 Inox Targa 710 Inox Firmware Targa 750 Targa 750 Firmware Targa 805 Targa 805 Firmware Targa Ip Ocr-anpr Camera Targa Semplice Targa Semplice Firmware

Configuration 1 [-]

AND

cpe:2.3:o:selea:izero_box_full_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:izero_box_full:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:selea:izero_column_entry\/8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:izero_column_entry\/8:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:selea:izero_column_full\/8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:izero_column_full\/8:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:selea:targa_504_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_504:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:selea:targa_512_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_512:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:selea:targa_704_ilb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_704_ilb:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:selea:targa_704_tkm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_704_tkm:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:selea:targa_710_inox_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_710_inox:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:selea:targa_750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_750:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:selea:targa_805_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_805:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:selea:targa_semplice_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_semplice:-:*:*:*:*:*:*:*

Configuration 12 [-]

OR	cpe:2.3:a:selea:carplateserver:3.005\(191112\):::::::*
	cpe:2.3:a:selea:carplateserver:3.005\(191206\):::::::*
	cpe:2.3:a:selea:carplateserver:3.100\(200225\):::::::*
	cpe:2.3:a:selea:carplateserver:4.013\(201105\):::::::*

No data.

References

Link	Providers
https://www.exploit-db.com/exploits/49454
https://www.selea.com
https://www.selea.com/product/
https://www.vulncheck.com/advisories/selea-targa-ip-camera-stored-cross-site-scripting-via-files-list
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5614.php

History

Mon, 23 Feb 2026 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Selea carplateserver Selea izero Box Full Selea izero Box Full Firmware Selea izero Column Entry\/8 Selea izero Column Entry\/8 Firmware Selea izero Column Full\/8 Selea izero Column Full\/8 Firmware Selea targa 504 Selea targa 504 Firmware Selea targa 512 Selea targa 512 Firmware Selea targa 704 Ilb Selea targa 704 Ilb Firmware Selea targa 704 Tkm Selea targa 704 Tkm Firmware Selea targa 710 Inox Selea targa 710 Inox Firmware Selea targa 750 Selea targa 750 Firmware Selea targa 805 Selea targa 805 Firmware Selea targa Semplice Selea targa Semplice Firmware
CPEs		cpe:2.3:a:selea:carplateserver:3.005\(191112\):::::::* cpe:2.3:a:selea:carplateserver:3.005\(191206\):::::::* cpe:2.3:a:selea:carplateserver:3.100\(200225\):::::::* cpe:2.3:a:selea:carplateserver:4.013\(201105\):::::::* cpe:2.3:h:selea:izero_box_full:-:::::::* cpe:2.3:h:selea:izero_column_entry\/8:-:::::::* cpe:2.3:h:selea:izero_column_full\/8:-:::::::* cpe:2.3:h:selea:targa_504:-:::::::* cpe:2.3:h:selea:targa_512:-:::::::* cpe:2.3:h:selea:targa_704_ilb:-:::::::* cpe:2.3:h:selea:targa_704_tkm:-:::::::* cpe:2.3:h:selea:targa_710_inox:-:::::::* cpe:2.3:h:selea:targa_750:-:::::::* cpe:2.3:h:selea:targa_805:-:::::::* cpe:2.3:h:selea:targa_semplice:-:::::::* cpe:2.3:o:selea:izero_box_full_firmware:-:::::::* cpe:2.3:o:selea:izero_column_entry\/8_firmware:-:::::::* cpe:2.3:o:selea:izero_column_full\/8_firmware:-:::::::* cpe:2.3:o:selea:targa_504_firmware:-:::::::* cpe:2.3:o:selea:targa_512_firmware:-:::::::* cpe:2.3:o:selea:targa_704_ilb_firmware:-:::::::* cpe:2.3:o:selea:targa_704_tkm_firmware:-:::::::* cpe:2.3:o:selea:targa_710_inox_firmware:-:::::::* cpe:2.3:o:selea:targa_750_firmware:-:::::::* cpe:2.3:o:selea:targa_805_firmware:-:::::::* cpe:2.3:o:selea:targa_semplice_firmware:-:::::::*
Vendors & Products		Selea carplateserver Selea izero Box Full Selea izero Box Full Firmware Selea izero Column Entry\/8 Selea izero Column Entry\/8 Firmware Selea izero Column Full\/8 Selea izero Column Full\/8 Firmware Selea targa 504 Selea targa 504 Firmware Selea targa 512 Selea targa 512 Firmware Selea targa 704 Ilb Selea targa 704 Ilb Firmware Selea targa 704 Tkm Selea targa 704 Tkm Firmware Selea targa 710 Inox Selea targa 710 Inox Firmware Selea targa 750 Selea targa 750 Firmware Selea targa 805 Selea targa 805 Firmware Selea targa Semplice Selea targa Semplice Firmware
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}`

Wed, 10 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Selea Selea targa Ip Ocr-anpr Camera
Vendors & Products		Selea Selea targa Ip Ocr-anpr Camera

Tue, 09 Dec 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 09 Dec 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description		Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted payload to execute arbitrary scripts in victim's browser session.
Title		Selea Targa IP Camera Stored Cross-Site Scripting via Files List
Weaknesses		CWE-79
References		https://www.exploit-db.com/exploits/49454 https://www.selea.com https://www.selea.com/product/ https://www.vulncheck.com/advisories/selea-targa-ip-camera-stored-cross-site-scripting-via-files-list https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5614.php
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-09T20:45:17.210Z

Updated: 2025-12-09T21:25:38.174Z

Reserved: 2025-12-07T20:10:09.804Z

Link: CVE-2021-47729

Vulnrichment

Updated: 2025-12-09T21:25:35.489Z

NVD

Status : Analyzed

Published: 2025-12-09T21:15:51.400

Modified: 2026-02-23T19:00:01.170

Link: CVE-2021-47729

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object