Zoneminder: >> Zoneminder >> 1.32.3 Security Vulnerabilities
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-02-04
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-01-28
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.
CVSS Score
9.8
EPSS Score
0.032
Published
2019-01-28
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-01-28
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-01-24
Page 6