DEBIAN-CVE-2019-7345

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view 'options' options.php does no input validation for the WEBTITLE, HOMEURL, HOMECONTENT, or WEBCONSOLEBANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php...

UBUNTU-CVE-2019-7345

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view 'options' options.php does no input validation for the WEBTITLE, HOMEURL, HOMECONTENT, or WEBCONSOLEBANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php...

nc-cms cross-site scripting vulnerability

nc-cms is a PHP-based embeddable lightweight CMS content management system. A cross-site scripting vulnerability exists in the index.php?action=edithtml&name=homecontent URI in nc-cms 2017-03-10 and earlier versions, which can be exploited by remote attackers to inject malicious JavaScript code...

CVE-2018-18290

An issue was discovered in nc-cms through 2017-03-10. index.php?action=edithtml&name=homecontent allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality...