Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through
1.32.3, allowing an attacker to execute HTML or JavaScript code via a
vulnerable ‘Host’ parameter value in the view console (console.php) because
proper filtration is omitted. This relates to the index.php?view=monitor
Host Name field.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | zoneminder | < 1.32.3-2ubuntu2+esm1 | UNKNOWN |