Vulnerability Details CVE-2019-7328
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2019-7328
-
cpe:2.3:a:zoneminder:zoneminder:-
-
cpe:2.3:a:zoneminder:zoneminder:1.25
-
cpe:2.3:a:zoneminder:zoneminder:1.26
-
cpe:2.3:a:zoneminder:zoneminder:1.26.0
-
cpe:2.3:a:zoneminder:zoneminder:1.26.1
-
cpe:2.3:a:zoneminder:zoneminder:1.26.2
-
cpe:2.3:a:zoneminder:zoneminder:1.26.3
-
cpe:2.3:a:zoneminder:zoneminder:1.26.4
-
cpe:2.3:a:zoneminder:zoneminder:1.26.5
-
cpe:2.3:a:zoneminder:zoneminder:1.27.0
-
cpe:2.3:a:zoneminder:zoneminder:1.28.0
-
cpe:2.3:a:zoneminder:zoneminder:1.28.1
-
cpe:2.3:a:zoneminder:zoneminder:1.29.0
-
cpe:2.3:a:zoneminder:zoneminder:1.30.0
-
cpe:2.3:a:zoneminder:zoneminder:1.30.1
-
cpe:2.3:a:zoneminder:zoneminder:1.30.2
-
cpe:2.3:a:zoneminder:zoneminder:1.30.3
-
cpe:2.3:a:zoneminder:zoneminder:1.30.4
-
cpe:2.3:a:zoneminder:zoneminder:1.30.5
-
cpe:2.3:a:zoneminder:zoneminder:1.32.0
-
cpe:2.3:a:zoneminder:zoneminder:1.32.1
-
cpe:2.3:a:zoneminder:zoneminder:1.32.2
-
cpe:2.3:a:zoneminder:zoneminder:1.32.3