CVE-2020-25730 — Cross-site Scripting in Zoneminder

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

8.2HIGHNVD

EPSS

0.3%

top 51.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zoneminder Debian Zoneminder

Timeline

PublishedApr 4

Description

Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.7

Affected Packages3 packages

▶debiandebian/zoneminder< zoneminder 1.34.21-1 (bookworm)

▶NVDzoneminder/zoneminder< 1.34.21

▶Debianzoneminder/zoneminder< 1.34.21-1+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2020-25730: Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1↗2024-04-04

▶

GHSA

GHSA-vqhg-mqww-h64x: Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1↗2024-04-04

▶

📋Vendor Advisories

Debian

CVE-2020-25730: zoneminder - Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, a...↗2020

▶