CVE-2021-47729 - Vulnerability Details

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted payload to execute arbitrary scripts in victim's browser session.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00064.

Exploitation poc

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

selea s.r.l.

Selea Targa IP OCR-ANPR Camera

unaffected

Version	Status	Constraints
`Model: iZero`	affected	—
`Firmware: BLD201113005214`	affected	—
`CPS: 4.013(201105)`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:selea:izero_box_full_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:izero_box_full:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:selea:izero_column_entry\/8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:izero_column_entry\/8:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:selea:izero_column_full\/8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:izero_column_full\/8:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:selea:targa_504_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_504:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:selea:targa_512_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_512:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:selea:targa_704_ilb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_704_ilb:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:selea:targa_704_tkm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_704_tkm:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:selea:targa_710_inox_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_710_inox:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:selea:targa_750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_750:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:selea:targa_805_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_805:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:selea:targa_semplice_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:selea:targa_semplice:-:*:*:*:*:*:*:*

Configuration 12 [-]

OR	cpe:2.3:a:selea:carplateserver:3.005\(191112\):::::::*
	cpe:2.3:a:selea:carplateserver:3.005\(191206\):::::::*
	cpe:2.3:a:selea:carplateserver:3.100\(200225\):::::::*
	cpe:2.3:a:selea:carplateserver:4.013\(201105\):::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Selea Subscribe	Targa Ip Ocr-anpr Camera Subscribe

Project Subscriptions

Vendors	Products
Selea Subscribe	Carplateserver Subscribe Izero Box Full Subscribe Izero Box Full Firmware Subscribe Izero Column Entry\/8 Subscribe Izero Column Entry\/8 Firmware Subscribe Izero Column Full\/8 Subscribe Izero Column Full\/8 Firmware Subscribe Targa 504 Subscribe Targa 504 Firmware Subscribe Targa 512 Subscribe Targa 512 Firmware Subscribe Targa 704 Ilb Subscribe Targa 704 Ilb Firmware Subscribe Targa 704 Tkm Subscribe Targa 704 Tkm Firmware Subscribe Targa 710 Inox Subscribe Targa 710 Inox Firmware Subscribe Targa 750 Subscribe Targa 750 Firmware Subscribe Targa 805 Subscribe Targa 805 Firmware Subscribe Targa Ip Ocr-anpr Camera Subscribe Targa Semplice Subscribe Targa Semplice Firmware Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.exploit-db.com/exploits/49454
https://www.selea.com
https://www.selea.com/product/
https://www.vulncheck.com/advisories/selea-targa-ip-camera-stored-cross-site-scripting-via-files-list
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5614.php

History

Mon, 23 Feb 2026 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Selea carplateserver Selea izero Box Full Selea izero Box Full Firmware Selea izero Column Entry\/8 Selea izero Column Entry\/8 Firmware Selea izero Column Full\/8 Selea izero Column Full\/8 Firmware Selea targa 504 Selea targa 504 Firmware Selea targa 512 Selea targa 512 Firmware Selea targa 704 Ilb Selea targa 704 Ilb Firmware Selea targa 704 Tkm Selea targa 704 Tkm Firmware Selea targa 710 Inox Selea targa 710 Inox Firmware Selea targa 750 Selea targa 750 Firmware Selea targa 805 Selea targa 805 Firmware Selea targa Semplice Selea targa Semplice Firmware
CPEs		cpe:2.3:a:selea:carplateserver:3.005\(191112\):::::::* cpe:2.3:a:selea:carplateserver:3.005\(191206\):::::::* cpe:2.3:a:selea:carplateserver:3.100\(200225\):::::::* cpe:2.3:a:selea:carplateserver:4.013\(201105\):::::::* cpe:2.3:h:selea:izero_box_full:-:::::::* cpe:2.3:h:selea:izero_column_entry\/8:-:::::::* cpe:2.3:h:selea:izero_column_full\/8:-:::::::* cpe:2.3:h:selea:targa_504:-:::::::* cpe:2.3:h:selea:targa_512:-:::::::* cpe:2.3:h:selea:targa_704_ilb:-:::::::* cpe:2.3:h:selea:targa_704_tkm:-:::::::* cpe:2.3:h:selea:targa_710_inox:-:::::::* cpe:2.3:h:selea:targa_750:-:::::::* cpe:2.3:h:selea:targa_805:-:::::::* cpe:2.3:h:selea:targa_semplice:-:::::::* cpe:2.3:o:selea:izero_box_full_firmware:-:::::::* cpe:2.3:o:selea:izero_column_entry\/8_firmware:-:::::::* cpe:2.3:o:selea:izero_column_full\/8_firmware:-:::::::* cpe:2.3:o:selea:targa_504_firmware:-:::::::* cpe:2.3:o:selea:targa_512_firmware:-:::::::* cpe:2.3:o:selea:targa_704_ilb_firmware:-:::::::* cpe:2.3:o:selea:targa_704_tkm_firmware:-:::::::* cpe:2.3:o:selea:targa_710_inox_firmware:-:::::::* cpe:2.3:o:selea:targa_750_firmware:-:::::::* cpe:2.3:o:selea:targa_805_firmware:-:::::::* cpe:2.3:o:selea:targa_semplice_firmware:-:::::::*
Vendors & Products		Selea carplateserver Selea izero Box Full Selea izero Box Full Firmware Selea izero Column Entry\/8 Selea izero Column Entry\/8 Firmware Selea izero Column Full\/8 Selea izero Column Full\/8 Firmware Selea targa 504 Selea targa 504 Firmware Selea targa 512 Selea targa 512 Firmware Selea targa 704 Ilb Selea targa 704 Ilb Firmware Selea targa 704 Tkm Selea targa 704 Tkm Firmware Selea targa 710 Inox Selea targa 710 Inox Firmware Selea targa 750 Selea targa 750 Firmware Selea targa 805 Selea targa 805 Firmware Selea targa Semplice Selea targa Semplice Firmware
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}`

Wed, 10 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Selea Selea targa Ip Ocr-anpr Camera
Vendors & Products		Selea Selea targa Ip Ocr-anpr Camera

Tue, 09 Dec 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 09 Dec 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description		Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted payload to execute arbitrary scripts in victim's browser session.
Title		Selea Targa IP Camera Stored Cross-Site Scripting via Files List
Weaknesses		CWE-79
References		https://www.exploit-db.com/exploits/49454 https://www.selea.com https://www.selea.com/product/ https://www.vulncheck.com/advisories/selea-targa-ip-camera-stored-cross-site-scripting-via-files-list https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5614.php
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-09T20:45:17.210Z

Updated: 2025-12-09T21:25:38.174Z

Reserved: 2025-12-07T20:10:09.804Z

Link: CVE-2021-47729

Vulnrichment

Updated: 2025-12-09T21:25:35.489Z

NVD

Status : Analyzed

Published: 2025-12-09T21:15:51.400

Modified: 2026-02-23T19:00:01.170

Link: CVE-2021-47729

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-12-10T21:33:28Z

Weaknesses

CWE-79

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object