CVE-2019-6777 — Cross-site Scripting in Zoneminder

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 46.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zoneminder Debian Zoneminder

Timeline

PublishedJan 24

Latest updateFeb 27

Description

An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶debiandebian/zoneminder< zoneminder 1.32.3-2 (bookworm)

▶Debianzoneminder/zoneminder< 1.32.3-2+3

▶Ubuntuzoneminder/zoneminder< 1.29.0+dfsg-1ubuntu2+esm1+2

▶NVDzoneminder/zoneminder1.32.3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

zoneminder vulnerabilities↗2023-02-27

▶

GHSA

GHSA-xj6g-crgg-j3cm: An issue was discovered in ZoneMinder v1↗2022-05-14

▶

OSV

CVE-2019-6777: An issue was discovered in ZoneMinder v1↗2019-01-24

▶

📋Vendor Advisories

Ubuntu

ZoneMinder vulnerabilities↗2023-02-27

▶

Debian

CVE-2019-6777: zoneminder - An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins...↗2019

▶