CVE-2016-10201 — Cross-site Scripting in Zoneminder

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 48.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zoneminder Debian Zoneminder

Timeline

PublishedMar 3

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/zoneminder< zoneminder 1.30.4+dfsg-1 (bookworm)

▶Debianzoneminder/zoneminder< 1.30.4+dfsg-1+3

▶NVDzoneminder/zoneminder1.30.0

🔴Vulnerability Details

GHSA

GHSA-456m-9wp2-mxg3: Cross-site scripting (XSS) vulnerability in Zoneminder 1↗2022-05-17

▶

OSV

CVE-2016-10201: Cross-site scripting (XSS) vulnerability in Zoneminder 1↗2017-03-03

▶

📋Vendor Advisories

Debian

CVE-2016-10201: zoneminder - Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows r...↗2016

▶

💬Community

Bugzilla

CVE-2016-10201 CVE-2016-10202 CVE-2016-10203 CVE-2016-10204 CVE-2016-10205 CVE-2016-10206 CVE-2017-7203 zoneminder: Multiple security issues↗2017-03-07

▶

Bugzilla

CVE-2016-10201 CVE-2016-10202 CVE-2016-10203 CVE-2016-10204 CVE-2016-10205 CVE-2016-10206 CVE-2017-7203 zoneminder: Multiple security issues [fedora-all]↗2017-03-07

▶