Description
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted.

| Release | Status | Note |
|---|---|---|
| bionic | DNE | |
| cosmic | ignored | end of life |
| devel | not-affected | 1.36.32+dfsg1-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/focal | released | 1.32.3-2ubuntu2+esm1 |
| esm-apps/jammy | not-affected | 1.36.12+dfsg1-1 |
| esm-apps/noble | not-affected | 1.36.32+dfsg1-1 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [code not present]] |

CVSS2: 4.3 Medium
CVSS3: 6.1 Medium