Vulnerabilities > Zoneminder > Low

DATE | CVE | VULNERABILITY TITLE | RISK

2019-02-04 | CVE-2019-7337 | Cross-site Scripting vulnerability in Zoneminder | 3.5
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration.
network, zoneminder, CWE-79

2019-02-04 | CVE-2019-7345 | Cross-site Scripting vulnerability in Zoneminder | 3.5
Self-Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code.
network, zoneminder, CWE-79

2019-01-28 | CVE-2019-6990 | Cross-site Scripting vulnerability in Zoneminder | 3.5
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.
network, zoneminder, CWE-79

2017-02-06 | CVE-2017-5595 | Information Exposure vulnerability in Zoneminder | 2.1
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data).
local, low complexity, zoneminder, CWE-200

2009-04-27 | CVE-2008-6756 | Permissions, Privileges, and Access Controls vulnerability in Zoneminder 1.23.3 | 2.1
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.
local, low complexity, zoneminder, gentoo, CWE-264