Shodan
Vulnerabilities
Vulnerable Software
Zoneminder:  Security Vulnerabilities
CVE-2019-6992
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-01-28
CVE-2019-6777
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-01-24
CVE-2018-1000832
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
CVSS Score
9.8
EPSS Score
0.037
Published
2018-12-20
CVE-2018-1000833
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
CVSS Score
9.8
EPSS Score
0.02
Published
2018-12-20
CVE-2017-7203
A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-21
CVE-2016-10201
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-03
CVE-2016-10202
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-03
CVE-2016-10203
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-03
CVE-2016-10204
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-03
CVE-2016-10205
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.
CVSS Score
7.3
EPSS Score
0.007
Published
2017-03-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved