Vulnerabilities > Zoneminder

DATE CVE VULNERABILITY TITLE RISK
2019-02-04 CVE-2019-7350 Session Fixation vulnerability in Zoneminder
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account.
4.9
2019-02-04 CVE-2019-7349 Cross-site Scripting vulnerability in Zoneminder
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.
network
zoneminder CWE-79
4.3
2019-02-04 CVE-2019-7348 Cross-site Scripting vulnerability in Zoneminder
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.
network
zoneminder CWE-79
4.3
2019-02-04 CVE-2019-7347 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Zoneminder
A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table.
6.0
2019-02-04 CVE-2019-7346 Cross-Site Request Forgery (CSRF) vulnerability in Zoneminder
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.
6.8
2019-02-04 CVE-2019-7345 Cross-site Scripting vulnerability in Zoneminder
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code.
network
zoneminder CWE-79
3.5
2019-02-04 CVE-2019-7344 Cross-site Scripting vulnerability in Zoneminder
Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.
network
zoneminder CWE-79
4.3
2019-02-04 CVE-2019-7343 Cross-site Scripting vulnerability in Zoneminder
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.
network
zoneminder CWE-79
4.3
2019-02-04 CVE-2019-7342 Cross-site Scripting vulnerability in Zoneminder
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.
network
zoneminder CWE-79
4.3
2019-02-04 CVE-2019-7341 Cross-site Scripting vulnerability in Zoneminder
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.
network
zoneminder CWE-79
4.3