zoneminder is vulnerable to cross-site scripting. An attacker is able to execute HTML or javascript via web/skins/classic/views/zones.php via a crafted Zone NAME to the index.php?view=zones&action;=zoneImage∣=1 URI.
CPE | Name | Operator | Version |
---|---|---|---|
zoneminder:edge | eq | 1.32.3-r3 | |
zoneminder:edge | eq | 1.32.3-r3 |