Denial Of Service (DoS)

zoneminder:edge is vulnerable to denial of service. A classic Stack-based buffer overflow exists in the zmLoadUser function in zmuser.cpp of the zmu binary in ZoneMinder, allowing an unauthenticated attacker to execute code via a long username...

Cross-site Scripting (XSS)

zoneminder is vulnerable to cross-site scripting. An attacker is able to execute HTML or javascript via web/skins/classic/views/zones.php via a crafted Zone NAME to the index.php?view=zones=zoneImage∣=1 URI...

Cross-site Scripting (XSS)

zoneminder is vulnerable to cross-site scripting. The vulnerability exists due to a lack of input validation to the value supplied to the 'New State' aka newState field, allowing an attacker to execute HTML or JavaScript code...

Log Injection

ZoneMinder is vulnerable to log Injectio. An attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value...

Privilege Escalation

zoneminder is vulnerable to privilege escalation. The vulnerability exists due to a Time-of-check Time-of-use TOCTOU Race Condition...

Cross-Site Request Forgery (CSRF)

ZoneMinder is vulnerable to cross-site request forgery. Whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful...

Cross-site Scripting (XSS)

zoneminder is vulnerable to Cross Site Scripting. The vulnerability exists due to a lack of validation in the view 'options' options.php for the WEBTITLE, HOMEURL, HOMECONTENT, or WEBCONSOLEBANNER value...

Cross-site Scripting (XSS)

zoneminder:edge is vulnerable to cross-site scripting. An attacker is able to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filterName' aka Filter name value on the web page without applying any proper filtration...

Cross Site Scripting (XSS)

zoneminder:edge is vulnerable to Cross Site Scripting XSS. It exists in ZoneMinder, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user user.php because proper filtration is omitted...

Cross-site Scripting (XSS)

zoneminder is vulnerable to Cross Site Scripting. The vulnerability exists due to a lack of validation in the 'newMonitorV4LCapturesPerFrame' parameter value in the view monitor monitor.php...

Cross-site Scripting (XSS)

zoneminder is vulnerable to Cross Site Scripting. The vulnerability exists due to a lack of validation in the 'newMonitorMethod' parameter value in the view monitor monitor.php...

Cross-site Scripting (XSS)

zoneminder:edge is vulnerable to cross site scripting XSS. An attacker is able to execute HTML or JavaScript code via a vulnerable 'filterAutoExecuteCmd' parameter value in the view filter filter.php because proper filtration is omitted...

Cross-site Scripting (XSS)

zoneminder is vulnerable to Cross Site Scripting. The vulnerability exists due to a lack of validation in the 'newMonitorLinkedMonitors' parameter value in the view monitor monitor.php...

Cross-site Scripting (XSS)

zoneminder is vulnerable to Cross Site Scripting. The vulnerability exists due to a lack of validation of the 'Exportfile' parameter value in the view export export.php...

Cross-site Scripting (XSS)

zoneminder is vulnerable to Cross Site Scripting. The vulnerability exists due to a lack of validation of the MonitorName and Source parameters in the view monitorfilters.php...

Cross-site Scripting (XSS)

zoneminder:edge is vulnerable to cross site scripting XSS. An attacker is able to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value...

Cross-site Scripting (XSS)

zoneminder is vulnerable to Cross Site Scripting. The vulnerability exists due to a lack of validation of the 'level' parameter value in the view log log.php...

Cross-site Scripting (XSS)

zoneminder:edge is vulnerable to cross site scripting XSS. An attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download download.php because proper filtration is omitted...

Cross-site Scripting (XSS)

zoneminder is vulnerable to Cross Site Scripting. The vulnerability exists due to a lack of validation of the function sortHeader in functions.php which insecurely returns the value of the limit query string parameter without applying any filtration...

Cross-site Scripting (XSS)

zoneminder is vulnerable to Cross Site Scripting. The vulnerability exists due to a lack of validation of the field named "signal check color" monitor.php...