Description
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.
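
The pattern described above, next to two hardened forms, as an added illustration that is not ZoneMinder source code. The function names, the `/zm/index.php` path and the request values are constructed assumptions.

```php
<?php
// Added illustration; not ZoneMinder code. Function names are hypothetical.

// Pattern from the description: PHP_SELF contains whatever path the client
// appended after the script name (URL-decoded) and is written out raw.
function form_open_vulnerable(array $server): string {
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened form 1: keep PHP_SELF but HTML-encode it for the attribute context.
function form_open_escaped(array $server): string {
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Hardened form 2: use SCRIPT_NAME, which excludes client-appended path info,
// and still encode on output.
function form_open_script_name(array $server): string {
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Constructed $_SERVER values for a request to /zm/index.php with extra
// path data containing a quote and angle brackets (sample input, not a capture).
$server = [
    'SCRIPT_NAME' => '/zm/index.php',
    'PHP_SELF'    => '/zm/index.php/"><marker>',
];

foreach (['form_open_vulnerable', 'form_open_escaped', 'form_open_script_name'] as $fn) {
    $html = $fn($server);
    // If the raw sequence survives, the appended input closed the attribute
    // and the tag, so it is parsed as markup instead of as a URL.
    $broken = strpos($html, '"><marker>') !== false;
    printf("%-22s %s\n  %s\n", $fn, $broken ? 'attribute breakout' : 'contained', $html);
}
```
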

| Release | Status | Note |
|---|---|---|
| bionic | DNE | |
| cosmic | ignored | end of life |
| devel | not-affected | 1.36.32+dfsg1-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/focal | released | 1.32.3-2ubuntu2+esm1 |
| esm-apps/jammy | not-affected | 1.36.12+dfsg1-1 |
| esm-apps/noble | not-affected | 1.36.32+dfsg1-1 |
| esm-apps/xenial | released | 1.29.0+dfsg-1ubuntu2+esm1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |

CVSS2: 4.3 Medium

CVSS3: 6.1 Medium