Zoneminder

Zoneminder

84 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2019-7330

Exploit
  • EPSS 0.12%
  • Published 04.02.2019 19:29:00
  • Last modified 21.11.2024 04:48:01

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.

6.1

CVE-2019-7331

Exploit
  • EPSS 0.11%
  • Published 04.02.2019 19:29:00
  • Last modified 21.11.2024 04:48:01

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Inject...

6.1

CVE-2019-7333

Exploit
  • EPSS 0.36%
  • Published 04.02.2019 19:29:00
  • Last modified 21.11.2024 04:48:02

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.

6.1

CVE-2019-7334

Exploit
  • EPSS 0.33%
  • Published 04.02.2019 19:29:00
  • Last modified 21.11.2024 04:48:02

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.

6.1

CVE-2019-7335

Exploit
  • EPSS 0.33%
  • Published 04.02.2019 19:29:00
  • Last modified 21.11.2024 04:48:02

Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to t...

6.1

CVE-2019-7336

Exploit
  • EPSS 0.33%
  • Published 04.02.2019 19:29:00
  • Last modified 21.11.2024 04:48:02

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and...

4.8

CVE-2019-7337

Exploit
  • EPSS 0.32%
  • Published 04.02.2019 19:29:00
  • Last modified 21.11.2024 04:48:02

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHea...

6.1

CVE-2019-7338

Exploit
  • EPSS 0.33%
  • Published 04.02.2019 19:29:00
  • Last modified 21.11.2024 04:48:02

Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.

6.1

CVE-2019-7339

Exploit
  • EPSS 0.33%
  • Published 04.02.2019 19:29:00
  • Last modified 21.11.2024 04:48:02

POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.

6.1

CVE-2019-6992

Exploit
  • EPSS 0.1%
  • Published 28.01.2019 20:29:00
  • Last modified 21.11.2024 04:47:23

A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.