Описание
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | ignored | end of life |
| devel | needed | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/focal | needed | |
| esm-apps/jammy | needed | |
| esm-apps/noble | needed | |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needs-triage] |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3