Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689
https://seclists.org/bugtraq/2018/Jun/40
https://drive.google.com/file/d/1aWbvdrx1KRkUv4ikkm530a2N5qrxCLmr/view?usp=sharing
http://www.securityfocus.com/archive/1/542083/100/0/threaded