CVE-2019-7346
- EPSS 0.18%
- Published 04.02.2019 19:29:01
- Last modified 21.11.2024 04:48:03
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.
CVE-2019-7345
- EPSS 0.24%
- Published 04.02.2019 19:29:01
- Last modified 21.11.2024 04:48:03
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or...
CVE-2019-7344
- EPSS 0.33%
- Published 04.02.2019 19:29:01
- Last modified 21.11.2024 04:48:03
Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.
CVE-2019-7342
- EPSS 0.33%
- Published 04.02.2019 19:29:01
- Last modified 21.11.2024 04:48:03
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omit...
CVE-2019-7341
- EPSS 0.36%
- Published 04.02.2019 19:29:01
- Last modified 21.11.2024 04:48:03
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtrat...
CVE-2019-7340
- EPSS 0.36%
- Published 04.02.2019 19:29:01
- Last modified 21.11.2024 04:48:03
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration i...
CVE-2019-7333
- EPSS 0.36%
- Published 04.02.2019 19:29:00
- Last modified 21.11.2024 04:48:02
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.
CVE-2019-7325
- EPSS 0.32%
- Published 04.02.2019 19:29:00
- Last modified 21.11.2024 04:48:00
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.
CVE-2019-7326
- EPSS 0.32%
- Published 04.02.2019 19:29:00
- Last modified 21.11.2024 04:48:01
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This...
CVE-2019-7327
- EPSS 0.35%
- Published 04.02.2019 19:29:00
- Last modified 21.11.2024 04:48:01
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.