First published: Fri Mar 03 2017(Updated: )
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ZoneMinder | <=1.30.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-10202 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
To fix CVE-2016-10202, upgrade Zoneminder to version 1.31 or later, as these versions contain patches for this vulnerability.
CVE-2016-10202 affects Zoneminder versions up to and including 1.30.0.
CVE-2016-10202 is a cross-site scripting (XSS) vulnerability.
Yes, attackers can remotely exploit CVE-2016-10202 to inject arbitrary web scripts or HTML.