Vulnerability Details CVE-2019-7344
Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2019-7344
-
cpe:2.3:a:zoneminder:zoneminder:-
-
cpe:2.3:a:zoneminder:zoneminder:1.25
-
cpe:2.3:a:zoneminder:zoneminder:1.26
-
cpe:2.3:a:zoneminder:zoneminder:1.26.0
-
cpe:2.3:a:zoneminder:zoneminder:1.26.1
-
cpe:2.3:a:zoneminder:zoneminder:1.26.2
-
cpe:2.3:a:zoneminder:zoneminder:1.26.3
-
cpe:2.3:a:zoneminder:zoneminder:1.26.4
-
cpe:2.3:a:zoneminder:zoneminder:1.26.5
-
cpe:2.3:a:zoneminder:zoneminder:1.27.0
-
cpe:2.3:a:zoneminder:zoneminder:1.28.0
-
cpe:2.3:a:zoneminder:zoneminder:1.28.1
-
cpe:2.3:a:zoneminder:zoneminder:1.29.0
-
cpe:2.3:a:zoneminder:zoneminder:1.30.0
-
cpe:2.3:a:zoneminder:zoneminder:1.30.1
-
cpe:2.3:a:zoneminder:zoneminder:1.30.2
-
cpe:2.3:a:zoneminder:zoneminder:1.30.3
-
cpe:2.3:a:zoneminder:zoneminder:1.30.4
-
cpe:2.3:a:zoneminder:zoneminder:1.30.5
-
cpe:2.3:a:zoneminder:zoneminder:1.32.0
-
cpe:2.3:a:zoneminder:zoneminder:1.32.1
-
cpe:2.3:a:zoneminder:zoneminder:1.32.2
-
cpe:2.3:a:zoneminder:zoneminder:1.32.3