Lucene search

[email protected]NVD:CVE-2024-43358

HistoryAug 12, 2024 - 9:15 p.m.

CVE-2024-43358

2024-08-1221:15:33

CWE-79

[email protected]

web.nvd.nist.gov

zoneminder

cctv software

xss vulnerability

patched

1.36.34

1.37.61

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.3%

JSON

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.

Affected configurations

Nvd

Node

zoneminderzoneminderRange<1.36.34

zoneminderzoneminderRange1.37.00–1.37.61

VendorProductVersionCPE
zoneminderzoneminder*cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zoneminder	zoneminder	*	cpe:2.3:a:zoneminder:zoneminder::::::::

References

github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77

github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0

github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.3%

JSON

Related for NVD:CVE-2024-43358

osv1 cvelist1 vulnrichment1 ubuntucve1 debiancve1 alpinelinux1 cve1 openvas1