CVE-2019-7330
Reflected Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view 'frame' (frame.php) because proper filtration is omitted...
CVE-2019-7352
Self-Stored Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State, state.php) does no input validation on the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code...
CVE-2019-7337
Reflected Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'events' (events.php) insecurely displays the limit parameter value without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...
CVE-2019-7345
Self-Stored Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEBTITLE, HOMEURL, HOMECONTENT, or WEBCONSOLEBANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php...
CVE-2019-7348
Self-Stored Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view 'user' (user.php) because proper filtration is omitted...
CVE-2019-7340
POST Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filterQueryterms0val' parameter value in the view 'filter' (filter.php) because proper filtration is omitted...
CVE-2019-7331
CVE-2019-7331 is a ZoneMinder vulnerability affecting the monitor editing flow. The issue is a stored XSS in the monitor field named “signal check color” (monitor.php) present up to ZoneMinder 1.32.3. Root cause: lack of input validation and output filtration allows HTML injection, enabling XSS. ...
CVE-2019-7325
CVE-2019-7325 describes a Reflected XSS in ZoneMinder up to version 1.32.3, caused by insecure handling of $_REQUEST['PHP_SELF'] in multiple web/skins/classic/views. The issue allows an attacker to inject scripts via crafted URLs and affects web interfaces that do not filter input. Connected docu...
CVE-2019-7341
CVE-2019-7341 affects ZoneMinder up to and including version 1.32.3. The issue is a reflected XSS in the view_monitor flow (monitor.php) via the newMonitor[LinkedMonitors] parameter due to insufficient input filtering. Root cause: improper filtration of a user-supplied value leads to HTML/JavaScr...
CVE-2019-7342
POST Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filterAutoExecuteCmd' parameter value in the view 'filter' (filter.php) because proper filtration is omitted...
CVE-2019-7330
CVE-2019-7330 describes a Reflected Cross-Site Scripting (XSS) vulnerability in ZoneMinder up to version 1.32.3, where an attacker can inject HTML/JavaScript via the show parameter in frame.php due to insufficient input filtration. Affected product/component: ZoneMinder (frame.php, show parameter...
CVE-2019-7345
ZoneMinder
CVE-2019-7346
A CSRF check issue exists in ZoneMinder through 1.32.3: whenever a CSRF check fails, a callback function is called that displays a "Try again" button, which allows resending the failed request, making the CSRF attack successful...
CVE-2019-7327
Reflected Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view 'frame' (frame.php) because proper filtration is omitted...
CVE-2019-7338
Self-Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group', as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration...
CVE-2019-7332
Reflected Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view 'download' (download.php) because proper filtration is omitted...
CVE-2019-7326
Self-Stored Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view 'console' (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name...
CVE-2019-7335
ZoneMinder CVE-2019-7335 is a Self-Stored XSS vulnerability affecting ZoneMinder up to version 1.32.3. The issue arises from insecurely printing the Log Message value in the logs view (view=logs), enabling HTML/JavaScript execution in the page. Connected sources corroborate the vulnerability in Z...
CVE-2019-7340
CVE-2019-7340 affects ZoneMinder up to version 1.32.3. The vulnerability is a cross-site scripting (XSS) flaw in the view filter (filter.php) where the parameter filter[Query][terms][0][val] is not properly filtered, allowing an attacker to inject HTML/JavaScript. Root cause: insufficient input f...