10 matches found
VulnCheck KEV: CVE-2022-39290
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the...
Linux Distros Unpatched Vulnerability : CVE-2022-39290
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the...
Zoneminder Log Injection / XSS / Cross Site Request Forgery
Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Date: 10/01/2022 Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-392...
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Exploit
Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291 Writeup:...
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Date: 10/01/2022 Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-392...
ZoneMinder < 1.36.27, 1.37.x < 1.37.24 Multiple Vulnerabilities
ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...
CVE-2022-39290
creationtimestamp| type| source ---|---|--- 2022-10-08 00:17:45+00:00| seen| https://t.me/cibsecurity/51035 2023-03-27 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51071 2025-07-08 21:02:43+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lti75juill2f...
CVE-2022-39290 CSRF key bypass using HTTP methods in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...
CVE-2022-39290
ZoneMinder CVE-2022-39290 enables CSRF token bypass by altering requests to the Zoneminder web app, notably replacing HTTP POST with GET and omitting the CSRF key. This allows an authenticated user’s actions to be executed without CSRF protection, potentially leading to unintended actions on the ...
CVE-2022-39290 CSRF key bypass using HTTP methods in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...