CVE-2019-7331Cross-site Scripting in Zoneminder

CWE-79Cross-site Scripting6 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 44.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ZoneminderDebian Zoneminder
Timeline
PublishedFeb 4
Latest updateFeb 27

Description

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

debiandebian/zoneminder< zoneminder 1.34.6-1 (bookworm)
Debianzoneminder/zoneminder< 1.34.6-1+3
Ubuntuzoneminder/zoneminder< 1.29.0+dfsg-1ubuntu2+esm1+2

🔴Vulnerability Details

3
OSV
zoneminder vulnerabilities2023-02-27
GHSA
GHSA-24p7-v3fm-63vm: Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 12022-05-14
OSV
CVE-2019-7331: Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 12019-02-04

📋Vendor Advisories

2
Ubuntu
ZoneMinder vulnerabilities2023-02-27
Debian
CVE-2019-7331: zoneminder - Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 whi...2019