Vulnerabilities > Zoneminder > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-04 | CVE-2019-7334 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted. | 4.3 |
| 2019-02-04 | CVE-2019-7333 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted. | 4.3 |
| 2019-02-04 | CVE-2019-7332 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. | 4.3 |
| 2019-02-04 | CVE-2019-7331 | Cross-site Scripting vulnerability in Zoneminder Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). | 4.3 |
| 2019-02-04 | CVE-2019-7330 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted. | 4.3 |
| 2019-02-04 | CVE-2019-7329 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. | 4.3 |
| 2019-02-04 | CVE-2019-7328 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. | 4.3 |
| 2019-02-04 | CVE-2019-7327 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. | 4.3 |
| 2019-02-04 | CVE-2019-7326 | Cross-site Scripting vulnerability in Zoneminder Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. | 4.3 |
| 2019-02-04 | CVE-2019-7325 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. | 4.3 |