Vulnerability Details CVE-2019-7345
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.4%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
Products affected by CVE-2019-7345
-
cpe:2.3:a:zoneminder:zoneminder:-
-
cpe:2.3:a:zoneminder:zoneminder:1.25
-
cpe:2.3:a:zoneminder:zoneminder:1.26
-
cpe:2.3:a:zoneminder:zoneminder:1.26.0
-
cpe:2.3:a:zoneminder:zoneminder:1.26.1
-
cpe:2.3:a:zoneminder:zoneminder:1.26.2
-
cpe:2.3:a:zoneminder:zoneminder:1.26.3
-
cpe:2.3:a:zoneminder:zoneminder:1.26.4
-
cpe:2.3:a:zoneminder:zoneminder:1.26.5
-
cpe:2.3:a:zoneminder:zoneminder:1.27.0
-
cpe:2.3:a:zoneminder:zoneminder:1.28.0
-
cpe:2.3:a:zoneminder:zoneminder:1.28.1
-
cpe:2.3:a:zoneminder:zoneminder:1.29.0
-
cpe:2.3:a:zoneminder:zoneminder:1.30.0
-
cpe:2.3:a:zoneminder:zoneminder:1.30.1
-
cpe:2.3:a:zoneminder:zoneminder:1.30.2
-
cpe:2.3:a:zoneminder:zoneminder:1.30.3
-
cpe:2.3:a:zoneminder:zoneminder:1.30.4
-
cpe:2.3:a:zoneminder:zoneminder:1.30.5
-
cpe:2.3:a:zoneminder:zoneminder:1.32.0
-
cpe:2.3:a:zoneminder:zoneminder:1.32.1
-
cpe:2.3:a:zoneminder:zoneminder:1.32.2
-
cpe:2.3:a:zoneminder:zoneminder:1.32.3