ZoneMinder is vulnerable to cross-site request forgery. Whenever a CSRF check fails, a callback function is called displaying a “Try again” button, which allows resending the failed request, making the CSRF attack successful.
CPE | Name | Operator | Version |
---|---|---|---|
zoneminder:edge | eq | 1.32.3-r3 | |
zoneminder:edge | eq | 1.32.3-r3 |