ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and previous versions have a cross-site scripting vulnerability, which stems from the program is not properly filtered, remote attackers can use the ‘scale’ parameter to execute arbitrary html or JavaScript code with the ‘scale’ parameter.