CVE-2024-43359 XSS vulnerabilities in montagereview

2024-08-1220:49:28

CWE-79

GitHub_M

github.com

zoneminder

cross-site scripting

montagereview

displayinterval

speed

scale

vulnerability

fixed

1.36.34

1.37.61

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

21.3%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.

CNA Affected

[
  {
    "vendor": "ZoneMinder",
    "product": "zoneminder",
    "versions": [
      {
        "version": "< 1.36.34",
        "status": "affected"
      },
      {
        "version": ">= 1.37.0, < 1.37.61",
        "status": "affected"
      }
    ]
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"
    ],
    "vendor": "zoneminder",
    "product": "zoneminder",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.36.34",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "1.37.0",
        "lessThan": "1.37.61",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]