Описание
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | ignored | end of life |
| devel | not-affected | 1.36.32+dfsg1-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/focal | released | 1.32.3-2ubuntu2+esm1 |
| esm-apps/jammy | not-affected | 1.36.12+dfsg1-1 |
| esm-apps/noble | not-affected | 1.36.32+dfsg1-1 |
| esm-apps/xenial | released | 1.29.0+dfsg-1ubuntu2+esm1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3