Vulnerabilities > Zoneminder > Zoneminder > 1.30.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-28 | CVE-2019-6992 | Cross-site Scripting vulnerability in Zoneminder A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. | 4.3 |
2019-01-28 | CVE-2019-6991 | Out-of-bounds Write vulnerability in Zoneminder A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. | 7.5 |
2019-01-28 | CVE-2019-6990 | Cross-site Scripting vulnerability in Zoneminder A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. | 3.5 |
2018-12-20 | CVE-2018-1000833 | Deserialization of Untrusted Data vulnerability in Zoneminder ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | 7.5 |
2018-12-20 | CVE-2018-1000832 | Deserialization of Untrusted Data vulnerability in Zoneminder ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | 10.0 |