Lucene search
K

10 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-39290

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the...

8CVSS5.8AI score0.05444EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-39290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the...

8CVSS6.8AI score0.05444EPSS
Exploits4References3
Packet Storm
Packet Storm
added 2023/03/27 12:0 a.m.268 views

Zoneminder Log Injection / XSS / Cross Site Request Forgery

Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Date: 10/01/2022 Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-392...

8CVSS5.7AI score0.05444EPSS
Exploits6
0day.today
0day.today
added 2023/03/27 12:0 a.m.279 views

Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Exploit

Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291 Writeup:...

8CVSS5.7AI score0.05444EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/03/27 12:0 a.m.215 views

Zoneminder &lt; v1.37.24 - Log Injection &amp; Stored XSS &amp; CSRF Bypass

Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Date: 10/01/2022 Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-392...

8CVSS6.2AI score0.05444EPSS
Exploits6
OpenVAS
OpenVAS
added 2022/11/23 12:0 a.m.20 views

ZoneMinder < 1.36.27, 1.37.x < 1.37.24 Multiple Vulnerabilities

ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...

9.1CVSS6.7AI score0.05444EPSS
Exploits7References4
Circl
Circl
added 2022/10/08 12:17 a.m.15 views

CVE-2022-39290

creationtimestamp| type| source ---|---|--- 2022-10-08 00:17:45+00:00| seen| https://t.me/cibsecurity/51035 2023-03-27 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51071 2025-07-08 21:02:43+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lti75juill2f...

8CVSS7.1AI score0.05444EPSS
Exploits4References3
Cvelist
Cvelist
added 2022/10/07 12:0 a.m.31 views

CVE-2022-39290 CSRF key bypass using HTTP methods in zoneminder

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...

8CVSS8AI score0.05444EPSS
Exploits4References3
CVE
CVE
added 2022/10/07 12:0 a.m.99 views

CVE-2022-39290

ZoneMinder CVE-2022-39290 enables CSRF token bypass by altering requests to the Zoneminder web app, notably replacing HTTP POST with GET and omitting the CSRF key. This allows an authenticated user’s actions to be executed without CSRF protection, potentially leading to unintended actions on the ...

8CVSS6.6AI score0.05444EPSS
Exploits4References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/07 12:0 a.m.6 views

CVE-2022-39290 CSRF key bypass using HTTP methods in zoneminder

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...

8CVSS8AI score0.05444EPSS
Exploits4References3
Rows per page
Query Builder