CVE-2020-25729 — Cross-site Scripting in Zoneminder

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 32.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 17

Latest updateMay 24

Description

ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶debiandebian/zoneminder< zoneminder 1.34.21-1 (bookworm)

▶Debianzoneminder/zoneminder< 1.34.21-1+3

GHSA

GHSA-gmmw-m27p-f77m: ZoneMinder before 1↗2022-05-24

▶

OSV

CVE-2020-25729: ZoneMinder before 1↗2020-09-17

▶

Debian

CVE-2020-25729: zoneminder - ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or e...↗2020

▶