CVE-2017-7203 — Cross-site Scripting in Zoneminder

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 48.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zoneminder Debian Zoneminder

Timeline

PublishedMar 21

Latest updateMay 17

Description

A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/zoneminder< zoneminder 1.30.4+dfsg-1 (bookworm)

▶Debianzoneminder/zoneminder< 1.30.4+dfsg-1+3

▶NVDzoneminder/zoneminder1.30.2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-2h6v-4cpv-9pv7: A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1↗2022-05-17

▶

OSV

CVE-2017-7203: A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1↗2017-03-21

▶

📋Vendor Advisories

Debian

CVE-2017-7203: zoneminder - A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vul...↗2017

▶

💬Community

Bugzilla

CVE-2016-10201 CVE-2016-10202 CVE-2016-10203 CVE-2016-10204 CVE-2016-10205 CVE-2016-10206 CVE-2017-7203 zoneminder: Multiple security issues↗2017-03-07

▶

Bugzilla

CVE-2016-10201 CVE-2016-10202 CVE-2016-10203 CVE-2016-10204 CVE-2016-10205 CVE-2016-10206 CVE-2017-7203 zoneminder: Multiple security issues [fedora-all]↗2017-03-07

▶