Vulnerabilities > Zoneminder
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-04 | CVE-2019-7330 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted. | 6.1 |
| 2019-02-04 | CVE-2019-7329 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. | 6.1 |
| 2019-02-04 | CVE-2019-7328 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. | 6.1 |
| 2019-02-04 | CVE-2019-7327 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. | 6.1 |
| 2019-02-04 | CVE-2019-7326 | Cross-site Scripting vulnerability in Zoneminder Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. | 6.1 |
| 2019-02-04 | CVE-2019-7325 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. | 6.1 |
| 2019-01-28 | CVE-2019-6992 | Cross-site Scripting vulnerability in Zoneminder A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. | 6.1 |
| 2019-01-28 | CVE-2019-6991 | Out-of-bounds Write vulnerability in Zoneminder A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. | 9.8 |
| 2019-01-28 | CVE-2019-6990 | Cross-site Scripting vulnerability in Zoneminder A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. | 5.4 |
| 2019-01-24 | CVE-2019-6777 | Cross-site Scripting vulnerability in Zoneminder 1.32.3 An issue was discovered in ZoneMinder v1.32.3. | 6.1 |