Cross-site Scripting (XSS)

2021-09-3005:52:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

zoneminder

cross-site scripting

webroot url

filtration

vulnerability

EPSS

0.001

Percentile

37.8%

JSON

zoneminder:edge is vulnerable to cross site scripting (XSS). As the form action on multiple views utilizes $SERVER[‘PHPSELF’] insecurely, it mishandles any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.