1264 matches found
CVE-2019-7333
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download download.php because proper filtration is omitted...
DEBIAN-CVE-2019-7334
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export export.php because proper filtration is omitted...
UBUNTU-CVE-2019-7329
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $SERVER'PHPSELF' insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS...
UBUNTU-CVE-2019-7337
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...
DEBIAN-CVE-2019-7338
Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration...
DEBIAN-CVE-2019-7327
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame frame.php because proper filtration is omitted...
UBUNTU-CVE-2019-7341
Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorLinkedMonitors' parameter value in the view monitor monitor.php because proper filtration is omitted...
CVE-2019-7338
Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration...
CVE-2019-7341
Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorLinkedMonitors' parameter value in the view monitor monitor.php because proper filtration is omitted...
CVE-2019-7345
Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view 'options' options.php does no input validation for the WEBTITLE, HOMEURL, HOMECONTENT, or WEBCONSOLEBANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php...
CVE-2019-7331
Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" monitor.php. There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack...
CVE-2019-7327
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame frame.php because proper filtration is omitted...
Cross site scripting
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $SERVER'PHPSELF' insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS...
Cross site scripting
Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view 'options' options.php does no input validation for the WEBTITLE, HOMEURL, HOMECONTENT, or WEBCONSOLEBANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php...
Cross site scripting
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export export.php because proper filtration is omitted...
Cross site scripting
Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user user.php because proper filtration is omitted...
CVE-2019-7334
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export export.php because proper filtration is omitted...
CVE-2019-7328
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame frame.php via /js/frame.js.php because proper filtration is omitted...
CVE-2019-7331
Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" monitor.php. There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack...
CVE-2019-7351
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value...