Zoneminder

Zoneminder

84 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2019-7344

Exploit
  • EPSS 0.33%
  • Veröffentlicht 04.02.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:48:03

Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.

6.1

CVE-2019-7343

Exploit
  • EPSS 0.36%
  • Veröffentlicht 04.02.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:48:03

Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is o...

6.1

CVE-2019-7341

Exploit
  • EPSS 0.36%
  • Veröffentlicht 04.02.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:48:03

Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtrat...

6.1

CVE-2019-7340

Exploit
  • EPSS 0.36%
  • Veröffentlicht 04.02.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:48:03

POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration i...

6.1

CVE-2019-7332

Exploit
  • EPSS 0.12%
  • Veröffentlicht 04.02.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:01

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is o...

6.1

CVE-2019-7325

Exploit
  • EPSS 0.11%
  • Veröffentlicht 04.02.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:00

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.

6.1

CVE-2019-7326

Exploit
  • EPSS 0.11%
  • Veröffentlicht 04.02.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:01

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This...

6.1

CVE-2019-7327

Exploit
  • EPSS 0.12%
  • Veröffentlicht 04.02.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:01

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.

6.1

CVE-2019-7328

Exploit
  • EPSS 0.12%
  • Veröffentlicht 04.02.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:01

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is...

6.1

CVE-2019-7329

Exploit
  • EPSS 0.14%
  • Veröffentlicht 04.02.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:01

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leadi...