Vulnerabilities > Zoneminder > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-04 | CVE-2019-7333 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted. | 6.1 |
| 2019-02-04 | CVE-2019-7332 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. | 6.1 |
| 2019-02-04 | CVE-2019-7331 | Cross-site Scripting vulnerability in Zoneminder Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). | 6.1 |
| 2019-02-04 | CVE-2019-7330 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted. | 6.1 |
| 2019-02-04 | CVE-2019-7329 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. | 6.1 |
| 2019-02-04 | CVE-2019-7328 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. | 6.1 |
| 2019-02-04 | CVE-2019-7327 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. | 6.1 |
| 2019-02-04 | CVE-2019-7326 | Cross-site Scripting vulnerability in Zoneminder Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. | 6.1 |
| 2019-02-04 | CVE-2019-7325 | Cross-site Scripting vulnerability in Zoneminder Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. | 6.1 |
| 2019-01-28 | CVE-2019-6992 | Cross-site Scripting vulnerability in Zoneminder A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. | 6.1 |