CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39285

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the "view=log" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.9%

CVSS Severity

CVSS v3 Score 7.6

References

Products affected by CVE-2022-39285

Zoneminder » Zoneminder » Version: N/A

cpe:2.3:a:zoneminder:zoneminder:-
Zoneminder » Zoneminder » Version: 1.25

cpe:2.3:a:zoneminder:zoneminder:1.25
Zoneminder » Zoneminder » Version: 1.26

cpe:2.3:a:zoneminder:zoneminder:1.26
Zoneminder » Zoneminder » Version: 1.26.0

cpe:2.3:a:zoneminder:zoneminder:1.26.0
Zoneminder » Zoneminder » Version: 1.26.1

cpe:2.3:a:zoneminder:zoneminder:1.26.1
Zoneminder » Zoneminder » Version: 1.26.2

cpe:2.3:a:zoneminder:zoneminder:1.26.2
Zoneminder » Zoneminder » Version: 1.26.3

cpe:2.3:a:zoneminder:zoneminder:1.26.3
Zoneminder » Zoneminder » Version: 1.26.4

cpe:2.3:a:zoneminder:zoneminder:1.26.4
Zoneminder » Zoneminder » Version: 1.26.5

cpe:2.3:a:zoneminder:zoneminder:1.26.5
Zoneminder » Zoneminder » Version: 1.27.0

cpe:2.3:a:zoneminder:zoneminder:1.27.0
Zoneminder » Zoneminder » Version: 1.28.0

cpe:2.3:a:zoneminder:zoneminder:1.28.0
Zoneminder » Zoneminder » Version: 1.28.1

cpe:2.3:a:zoneminder:zoneminder:1.28.1
Zoneminder » Zoneminder » Version: 1.29.0

cpe:2.3:a:zoneminder:zoneminder:1.29.0
Zoneminder » Zoneminder » Version: 1.30.0

cpe:2.3:a:zoneminder:zoneminder:1.30.0
Zoneminder » Zoneminder » Version: 1.30.1

cpe:2.3:a:zoneminder:zoneminder:1.30.1
Zoneminder » Zoneminder » Version: 1.30.2

cpe:2.3:a:zoneminder:zoneminder:1.30.2
Zoneminder » Zoneminder » Version: 1.30.3

cpe:2.3:a:zoneminder:zoneminder:1.30.3
Zoneminder » Zoneminder » Version: 1.30.4

cpe:2.3:a:zoneminder:zoneminder:1.30.4
Zoneminder » Zoneminder » Version: 1.30.5

cpe:2.3:a:zoneminder:zoneminder:1.30.5
Zoneminder » Zoneminder » Version: 1.32.0

cpe:2.3:a:zoneminder:zoneminder:1.32.0
Zoneminder » Zoneminder » Version: 1.32.1

cpe:2.3:a:zoneminder:zoneminder:1.32.1
Zoneminder » Zoneminder » Version: 1.32.2

cpe:2.3:a:zoneminder:zoneminder:1.32.2
Zoneminder » Zoneminder » Version: 1.32.3

cpe:2.3:a:zoneminder:zoneminder:1.32.3
Zoneminder » Zoneminder » Version: 1.34.0

cpe:2.3:a:zoneminder:zoneminder:1.34.0
Zoneminder » Zoneminder » Version: 1.34.1

cpe:2.3:a:zoneminder:zoneminder:1.34.1
Zoneminder » Zoneminder » Version: 1.34.10

cpe:2.3:a:zoneminder:zoneminder:1.34.10
Zoneminder » Zoneminder » Version: 1.34.11

cpe:2.3:a:zoneminder:zoneminder:1.34.11
Zoneminder » Zoneminder » Version: 1.34.12

cpe:2.3:a:zoneminder:zoneminder:1.34.12
Zoneminder » Zoneminder » Version: 1.34.13

cpe:2.3:a:zoneminder:zoneminder:1.34.13
Zoneminder » Zoneminder » Version: 1.34.14

cpe:2.3:a:zoneminder:zoneminder:1.34.14
Zoneminder » Zoneminder » Version: 1.34.15

cpe:2.3:a:zoneminder:zoneminder:1.34.15
Zoneminder » Zoneminder » Version: 1.34.16

cpe:2.3:a:zoneminder:zoneminder:1.34.16
Zoneminder » Zoneminder » Version: 1.34.17

cpe:2.3:a:zoneminder:zoneminder:1.34.17
Zoneminder » Zoneminder » Version: 1.34.18

cpe:2.3:a:zoneminder:zoneminder:1.34.18
Zoneminder » Zoneminder » Version: 1.34.19

cpe:2.3:a:zoneminder:zoneminder:1.34.19
Zoneminder » Zoneminder » Version: 1.34.2

cpe:2.3:a:zoneminder:zoneminder:1.34.2
Zoneminder » Zoneminder » Version: 1.34.20

cpe:2.3:a:zoneminder:zoneminder:1.34.20
Zoneminder » Zoneminder » Version: 1.34.21

cpe:2.3:a:zoneminder:zoneminder:1.34.21
Zoneminder » Zoneminder » Version: 1.34.22

cpe:2.3:a:zoneminder:zoneminder:1.34.22
Zoneminder » Zoneminder » Version: 1.34.23

cpe:2.3:a:zoneminder:zoneminder:1.34.23
Zoneminder » Zoneminder » Version: 1.34.24

cpe:2.3:a:zoneminder:zoneminder:1.34.24
Zoneminder » Zoneminder » Version: 1.34.25

cpe:2.3:a:zoneminder:zoneminder:1.34.25
Zoneminder » Zoneminder » Version: 1.34.26

cpe:2.3:a:zoneminder:zoneminder:1.34.26
Zoneminder » Zoneminder » Version: 1.34.3

cpe:2.3:a:zoneminder:zoneminder:1.34.3
Zoneminder » Zoneminder » Version: 1.34.4

cpe:2.3:a:zoneminder:zoneminder:1.34.4
Zoneminder » Zoneminder » Version: 1.34.5

cpe:2.3:a:zoneminder:zoneminder:1.34.5
Zoneminder » Zoneminder » Version: 1.34.6

cpe:2.3:a:zoneminder:zoneminder:1.34.6
Zoneminder » Zoneminder » Version: 1.34.7

cpe:2.3:a:zoneminder:zoneminder:1.34.7
Zoneminder » Zoneminder » Version: 1.34.8

cpe:2.3:a:zoneminder:zoneminder:1.34.8
Zoneminder » Zoneminder » Version: 1.34.9

cpe:2.3:a:zoneminder:zoneminder:1.34.9
Zoneminder » Zoneminder » Version: 1.36.0

cpe:2.3:a:zoneminder:zoneminder:1.36.0
Zoneminder » Zoneminder » Version: 1.36.1

cpe:2.3:a:zoneminder:zoneminder:1.36.1
Zoneminder » Zoneminder » Version: 1.36.10

cpe:2.3:a:zoneminder:zoneminder:1.36.10
Zoneminder » Zoneminder » Version: 1.36.11

cpe:2.3:a:zoneminder:zoneminder:1.36.11
Zoneminder » Zoneminder » Version: 1.36.12

cpe:2.3:a:zoneminder:zoneminder:1.36.12
Zoneminder » Zoneminder » Version: 1.36.13

cpe:2.3:a:zoneminder:zoneminder:1.36.13
Zoneminder » Zoneminder » Version: 1.36.14

cpe:2.3:a:zoneminder:zoneminder:1.36.14
Zoneminder » Zoneminder » Version: 1.36.15

cpe:2.3:a:zoneminder:zoneminder:1.36.15
Zoneminder » Zoneminder » Version: 1.36.16

cpe:2.3:a:zoneminder:zoneminder:1.36.16
Zoneminder » Zoneminder » Version: 1.36.17

cpe:2.3:a:zoneminder:zoneminder:1.36.17
Zoneminder » Zoneminder » Version: 1.36.18

cpe:2.3:a:zoneminder:zoneminder:1.36.18
Zoneminder » Zoneminder » Version: 1.36.19

cpe:2.3:a:zoneminder:zoneminder:1.36.19
Zoneminder » Zoneminder » Version: 1.36.2

cpe:2.3:a:zoneminder:zoneminder:1.36.2
Zoneminder » Zoneminder » Version: 1.36.20

cpe:2.3:a:zoneminder:zoneminder:1.36.20
Zoneminder » Zoneminder » Version: 1.36.21

cpe:2.3:a:zoneminder:zoneminder:1.36.21
Zoneminder » Zoneminder » Version: 1.36.22

cpe:2.3:a:zoneminder:zoneminder:1.36.22
Zoneminder » Zoneminder » Version: 1.36.23

cpe:2.3:a:zoneminder:zoneminder:1.36.23
Zoneminder » Zoneminder » Version: 1.36.24

cpe:2.3:a:zoneminder:zoneminder:1.36.24
Zoneminder » Zoneminder » Version: 1.36.25

cpe:2.3:a:zoneminder:zoneminder:1.36.25
Zoneminder » Zoneminder » Version: 1.36.26

cpe:2.3:a:zoneminder:zoneminder:1.36.26
Zoneminder » Zoneminder » Version: 1.36.3

cpe:2.3:a:zoneminder:zoneminder:1.36.3
Zoneminder » Zoneminder » Version: 1.36.4

cpe:2.3:a:zoneminder:zoneminder:1.36.4
Zoneminder » Zoneminder » Version: 1.36.5

cpe:2.3:a:zoneminder:zoneminder:1.36.5
Zoneminder » Zoneminder » Version: 1.36.6

cpe:2.3:a:zoneminder:zoneminder:1.36.6
Zoneminder » Zoneminder » Version: 1.36.7

cpe:2.3:a:zoneminder:zoneminder:1.36.7
Zoneminder » Zoneminder » Version: 1.36.8

cpe:2.3:a:zoneminder:zoneminder:1.36.8
Zoneminder » Zoneminder » Version: 1.36.9

cpe:2.3:a:zoneminder:zoneminder:1.36.9
Zoneminder » Zoneminder » Version: 1.37.23

cpe:2.3:a:zoneminder:zoneminder:1.37.23

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39285

Products

Pricing

Contact Us