1264 matches found
UBUNTU-CVE-2022-30769
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...
UBUNTU-CVE-2022-30768
A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...
CVE-2022-30769
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...
CVE-2022-30769
ZoneMinder’s CVE-2022-30769 entry describes a session fixation vulnerability up to version 1.36.12, where an attacker can poison the session cookie to the next logged-in user. Connected documents also outline additional ZoneMinder issues (OS command injection, SQL injection, Local File Inclusion,...
CVE-2022-30769
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...
CVE-2022-30768
A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...
CVE-2022-30769
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...
CVE-2022-30768
CVE-2022-30768 is a stored XSS in ZoneMinder 1.36.12 where an attacker can inject HTML/JavaScript via the Username field when an Admin (or user seeing others) clicks Logout. The issue is described across multiple sources as affecting ZoneMinder 1.36.12 and later with a different method than CVE-2...
ZoneMinder Cross-Site Scripting Vulnerability
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder version 1.36.12, which stems from an issue containing stored cross-site scripting XSS that allows an attacker to execute HTM...
ZoneMinder Authorization Issue Vulnerability
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, among others. A security vulnerability exists in ZoneMinder version 1.36.12. The vulnerability stems from the presence of a session fixation, which allows an attacker to give a session...
CVE-2022-30768
A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...
CVE-2022-30768
A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...
Information Disclosure
ZoneMinder is vulnerable to information disclosure. The vulnerability exists due to not properly hiding database log contents which allows an attacker to gain access to the system and perform insertion, modification, deletion of logs without system privileges...
Cross-Site Scripting (XSS)
ZoneMinder is vulnerable to cross-site scripting. The vulnerability is possible by backing out of the current "tr" "td" brackets which allows an attacker to inject and execute code that will execute when a user views the specific log on the "view=log" page...
Improper Access Control
ZoneMinder is vulnerable to improper access control. The vulnerability exists because the HTTP and GET requests are not properly handled which allows an attacker to bypass CSRF keys by modifying the request supplied to the application...
Code Injection
ZoneMinder is vulnerable to code injection. The vulnerability exists because the HTTP and POST requests are not properly handled which allows an attacker with "View" system permissions to inject new data into the logs...
PT-2022-20303 · Unknown +2 · Zoneminder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.13 Description: The issue allows an attacker to poison a session cookie, which can then be used by the next logged-in user. This can lead to unauthorized access to user accounts. Recommendations: For ZoneMind...
ZoneMinder Information Disclosure Vulnerability
ZoneMinder is an open source video surveillance software system. The system supports IP, USB, and analog cameras, etc. ZoneMinder is vulnerable to an information disclosure vulnerability that stems from the ZoneMinder API exposing database log content to users without permissions, allowing logs t...
ZoneMinder has an unspecified vulnerability
ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras, etc. A security vulnerability exists in ZoneMinder, which stems from the fact that an authenticated attacker can use the vulnerability to bypas...
ZoneMinder input validation error vulnerability
ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras, etc. ZoneMinder has an input validation error vulnerability, which stems from allowing a user with view system privileges to inject new data in...