Description
A Cross-Site Scripting (XSS) vulnerability was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | DNE | |
| cosmic | not-affected | 1.30.4+dfsg1-5 |
| devel | not-affected | 1.30.4+dfsg1-5 |
| disco | not-affected | 1.30.4+dfsg1-5 |
| eoan | not-affected | 1.30.4+dfsg1-5 |
| esm-apps/focal | not-affected | 1.30.4+dfsg1-5 |
| esm-apps/jammy | not-affected | 1.30.4+dfsg1-5 |
| esm-apps/noble | not-affected | 1.30.4+dfsg1-5 |
| esm-apps/xenial | needed | |
CVSS2: 4.3 Medium
CVSS3: 6.1 Medium