Lucene search
China National Vulnerability DatabaseCNVD-2022-68293HistoryOct 10, 2022 - 12:00 a.m.
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-68293)
2022-10-1000:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. ZoneMinder has a cross-site scripting vulnerability, which stems from a lack of input validation and can be exploited by attackers to execute code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Zoneminder Zoneminder | lt | 1.36.27 | |
| Zoneminder Zoneminder >=1.37.0, | lt | 1.37.24 |
Related
ubuntucve
ubuntucve
CVE-2022-39285
2022-10-07 00:00:00
alpinelinux
alpinelinux
CVE-2022-39285
2022-10-07 21:15:00
veracode
veracode
Cross-Site Scripting (XSS)
2022-10-20 19:32:26
cve
cve
CVE-2022-39285
2022-10-07 21:15:00
prion
prion
Cross site scripting
2022-10-07 21:15:00
cvelist
cvelist
debiancve
debiancve
CVE-2022-39285
2022-10-07 21:15:00
osv
osv
CVE-2022-39285
2022-10-07 21:15:11
packetstorm
packetstorm
Zoneminder Log Injection / XSS / Cross Site Request Forgery
2023-03-27 00:00:00
zdt
zdt
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Exploit
2023-03-27 00:00:00
openvas
openvas
ZoneMinder < 1.36.27, 1.37.x < 1.37.24 Multiple Vulnerabilities
2022-11-23 00:00:00
exploitdb
exploitdb
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
2023-03-27 00:00:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Related for CNVD-2022-68293