Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:8 p.m.7 views

CVE-2022-39291

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...

5.4CVSS6.2AI score0.05052EPSS
Exploits4References1
Packet Storm
Packet Storm
added 2023/03/27 12:0 a.m.268 views

Zoneminder Log Injection / XSS / Cross Site Request Forgery

Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Date: 10/01/2022 Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-392...

8CVSS5.7AI score0.05444EPSS
Exploits6
0day.today
0day.today
added 2023/03/27 12:0 a.m.279 views

Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Exploit

Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291 Writeup:...

8CVSS5.7AI score0.05444EPSS
Exploits6
Circl
Circl
added 2023/03/27 12:0 a.m.24 views

CVE-2022-39291

creationtimestamp| type| source ---|---|--- 2023-03-27 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51071...

5.4CVSS6.8AI score0.05052EPSS
Exploits4References1
Exploit DB
Exploit DB
added 2023/03/27 12:0 a.m.215 views

Zoneminder &lt; v1.37.24 - Log Injection &amp; Stored XSS &amp; CSRF Bypass

Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Date: 10/01/2022 Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-392...

8CVSS6.2AI score0.05444EPSS
Exploits6
OpenVAS
OpenVAS
added 2022/11/23 12:0 a.m.20 views

ZoneMinder < 1.36.27, 1.37.x < 1.37.24 Multiple Vulnerabilities

ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...

9.1CVSS6.7AI score0.05444EPSS
Exploits7References4
Vulnrichment
Vulnrichment
added 2022/10/07 12:0 a.m.8 views

CVE-2022-39291 Denial of service through logs in zoneminder

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...

5.4CVSS5.6AI score0.05052EPSS
Exploits4References6
CVE
CVE
added 2022/10/07 12:0 a.m.90 views

CVE-2022-39291

CVE-2022-39291 affects ZoneMinder. A vulnerability allows users with View system permissions to inject data into Zoneminder logs via an HTTP POST to /zm/index.php, with no rate limiting, potentially impacting database performance or exhausting storage. It is a network-accessible/vectored issue wi...

5.4CVSS5.5AI score0.05052EPSS
Exploits4References6Affected Software1
Rows per page
Query Builder