Vulnerabilities > Zoneminder

DATE CVE VULNERABILITY TITLE RISK
2023-02-25 CVE-2023-26032 SQL Injection vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
network
high complexity
zoneminder CWE-89
8.1
2023-02-25 CVE-2023-26034 SQL Injection vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.
network
low complexity
zoneminder CWE-89
8.8
2022-11-15 CVE-2022-30768 Cross-site Scripting vulnerability in Zoneminder 1.36.12
A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout.
network
low complexity
zoneminder CWE-79
5.4
2022-11-15 CVE-2022-30769 Session Fixation vulnerability in Zoneminder
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.
network
low complexity
zoneminder CWE-384
4.6
2022-10-07 CVE-2022-39285 Cross-site Scripting vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets.
network
low complexity
zoneminder CWE-79
5.4
2022-10-07 CVE-2022-39289 Missing Authorization vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application.
network
low complexity
zoneminder CWE-862
7.5
2022-10-07 CVE-2022-39290 Improper Authentication vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application.
network
low complexity
zoneminder CWE-287
6.5
2022-10-07 CVE-2022-39291 Improper Input Validation vulnerability in Zoneminder
ZoneMinder is a free, open source Closed-circuit television software application.
network
low complexity
zoneminder CWE-20
5.4
2022-04-26 CVE-2022-29806 Path Traversal vulnerability in Zoneminder
ZoneMinder before 1.36.13 allows remote code execution via an invalid language.
network
low complexity
zoneminder CWE-22
7.5
2020-09-17 CVE-2020-25729 Cross-site Scripting vulnerability in Zoneminder
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.
network
zoneminder CWE-79
4.3