Shodan
Vulnerabilities
Vulnerable Software
Zoneminder:  >> Zoneminder  >> 1.32.3  Security Vulnerabilities
CVE-2022-29806
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
CVSS Score
9.8
EPSS Score
0.771
Published
2022-04-26
CVE-2020-25729
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-09-17
CVE-2019-13072
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-06-30
CVE-2019-8423
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-02-18
CVE-2019-7340
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-02-04
CVE-2019-7341
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-02-04
CVE-2019-7342
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-02-04
CVE-2019-7343
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-02-04
CVE-2019-7344
Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-02-04
CVE-2019-7345
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-02-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved