Описание
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| zoneminder | fixed | 1.34.6-1 | package |
Примечания
https://github.com/ZoneMinder/zoneminder/issues/2452
https://github.com/ZoneMinder/zoneminder/commit/fa6716a64b7481677b0d8d73d460200e60429410
See README.Debian.security, only supported behind an authenticated HTTP zone
Связанные уязвимости
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.