UBUNTU-CVE-2019-7331

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" monitor.php. There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack...

PT-2019-18535 · Zoneminder +3 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.4 Description: A Reflected Cross Site Scripting issue exists, allowing an attacker to execute HTML or JavaScript code via a vulnerable show parameter value in the "view frame" frame.php due to omitted proper...

PT-2019-18537 · Zoneminder +3 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.4 Description: A Reflected Cross Site Scripting issue exists, allowing an attacker to execute HTML or JavaScript code via a vulnerable eid parameter value in the "download.php" API endpoint, due to omitted...

PT-2019-18530 · Zoneminder +3 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.4 Description: A Reflected Cross Site Scripting XSS issue exists due to insecure utilization of the $ REQUEST'PHP SELF' variable in multiple views under web/skins/classic/views, without proper filtration...