Shodan
Vulnerabilities
Vulnerable Software
Zoneminder:  Security Vulnerabilities
CVE-2019-7340
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-02-04
CVE-2019-7341
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-02-04
CVE-2019-7342
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-02-04
CVE-2019-7343
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-02-04
CVE-2019-7344
Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-02-04
CVE-2019-7345
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-02-04
CVE-2019-7346
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-02-04
CVE-2019-7347
A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).
CVSS Score
7.5
EPSS Score
0.007
Published
2019-02-04
CVE-2019-7348
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-02-04
CVE-2019-7349
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-02-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved