A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an
attacker to execute HTML or JavaScript code via the Username field when an
Admin (or non-Admin users that can see other users logged into the
platform) clicks on Logout. NOTE: this exists in later versions than
CVE-2019-7348 and requires a different attack method.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 22.04 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 23.10 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 24.04 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 16.04 | noarch | zoneminder | < any | UNKNOWN |