Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view ‘filter’ as it insecurely prints the ‘filter[Name]’ (aka Filter name) value on the web page without applying any proper filtration.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | zoneminder | < 1.34.6-1 | zoneminder_1.34.6-1_all.deb |
Debian | 11 | all | zoneminder | < 1.34.6-1 | zoneminder_1.34.6-1_all.deb |
Debian | 999 | all | zoneminder | < 1.34.6-1 | zoneminder_1.34.6-1_all.deb |