CVE-2019-7326

2019-02-0400:00:00

ubuntu.com

0.001 Low

EPSS

Percentile

33.8%

JSON

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through
1.32.3, allowing an attacker to execute HTML or JavaScript code via a
vulnerable ‘Host’ parameter value in the view console (console.php) because
proper filtration is omitted. This relates to the index.php?view=monitor
Host Name field.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchzoneminder< 1.32.3-2ubuntu2+esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	zoneminder	< 1.32.3-2ubuntu2+esm1	UNKNOWN

References

github.com/ZoneMinder/zoneminder/issues/2452

launchpad.net/bugs/cve/CVE-2019-7326

nvd.nist.gov/vuln/detail/CVE-2019-7326

security-tracker.debian.org/tracker/CVE-2019-7326

ubuntu.com/security/notices/USN-5889-1

www.cve.org/CVERecord?id=CVE-2019-7326

0.001 Low

EPSS

Percentile

33.8%

JSON

Related for UB:CVE-2019-7326