Vulnerabilities > Zoneminder

DATE CVE VULNERABILITY TITLE RISK
2020-09-17 CVE-2020-25729 Cross-Site Scripting vulnerability in Zoneminder
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.
network
zoneminder CWE-79
4.3
2019-06-30 CVE-2019-13072 Cross-Site Scripting vulnerability in Zoneminder 1.32.3
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
network
zoneminder CWE-79
4.3
2019-02-18 CVE-2019-8429 SQL Injection vulnerability in Zoneminder
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
network
low complexity
zoneminder CWE-89
7.5
2019-02-18 CVE-2019-8428 SQL Injection vulnerability in Zoneminder
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
network
low complexity
zoneminder CWE-89
7.5
2019-02-18 CVE-2019-8427 OS Command Injection vulnerability in Zoneminder
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
network
low complexity
zoneminder CWE-78
7.5
2019-02-18 CVE-2019-8426 Cross-Site Scripting vulnerability in Zoneminder
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
network
zoneminder CWE-79
4.3
2019-02-18 CVE-2019-8425 Cross-Site Scripting vulnerability in Zoneminder
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
network
zoneminder CWE-79
4.3
2019-02-18 CVE-2019-8424 SQL Injection vulnerability in Zoneminder
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
network
low complexity
zoneminder CWE-89
7.5
2019-02-18 CVE-2019-8423 SQL Injection vulnerability in Zoneminder
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
network
low complexity
zoneminder CWE-89
7.5
2019-02-04 CVE-2019-7352 Cross-Site Scripting vulnerability in Zoneminder
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.
network
zoneminder CWE-79
4.3