CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-30768

A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a different attack method.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.6%

CVSS Severity

CVSS v3 Score 5.4

References

https://github.com/ZoneMinder/zoneminder/releases
https://medium.com/%40dk50u1/stored-xss-in-zoneminder-up-to-v1-36-12-f26b4bb68c31
https://github.com/ZoneMinder/zoneminder/releases
https://medium.com/%40dk50u1/stored-xss-in-zoneminder-up-to-v1-36-12-f26b4bb68c31

Products affected by CVE-2022-30768

Zoneminder » Zoneminder » Version: 1.36.12

cpe:2.3:a:zoneminder:zoneminder:1.36.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-30768

Products

Pricing

Contact Us