Vulnerabilities > Zoneminder > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2019-01-28 | CVE-2019-6992 | Cross-site Scripting vulnerability in Zoneminder | 4.3
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.
network; zoneminder; CWE-79

2019-01-24 | CVE-2019-6777 | Cross-site Scripting vulnerability in Zoneminder 1.32.3 | 4.3
An issue was discovered in ZoneMinder v1.32.3.
network; zoneminder; CWE-79

2017-03-21 | CVE-2017-7203 | Cross-site Scripting vulnerability in Zoneminder 1.30.2 | 4.3
A Cross-Site Scripting (XSS) vulnerability was discovered in ZoneMinder before 1.30.2.
network; zoneminder; CWE-79

2017-03-03 | CVE-2016-10206 | Cross-Site Request Forgery (CSRF) vulnerability in Zoneminder | 6.8
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.

2017-03-03 | CVE-2016-10203 | Cross-site Scripting vulnerability in Zoneminder | 4.3
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.
network; zoneminder; CWE-79

2017-03-03 | CVE-2016-10202 | Cross-site Scripting vulnerability in Zoneminder | 4.3
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.
network; zoneminder; CWE-79

2017-03-03 | CVE-2016-10201 | Cross-site Scripting vulnerability in Zoneminder | 4.3
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.
network; zoneminder; CWE-79

2017-02-06 | CVE-2017-5368 | Cross-Site Request Forgery (CSRF) vulnerability in Zoneminder 1.29.0/1.30.0 | 6.8
ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attacker to make changes to the web application as the currently logged-in victim.

2017-02-06 | CVE-2017-5367 | Cross-site Scripting vulnerability in Zoneminder 1.29.0/1.30.0 | 4.3
Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser.
network; zoneminder; CWE-79

2017-01-13 | CVE-2016-10140 | Information Exposure vulnerability in Zoneminder 1.30.0 | 5.0
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.
network; low complexity; zoneminder; CWE-200