First published: Sun Jun 30 2019(Updated: )
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoneminder Zoneminder | =1.32.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2019-13072.
The severity of CVE-2019-13072 is medium.
The affected software version of CVE-2019-13072 is ZoneMinder 1.32.3.
CVE-2019-13072 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to the Filters page (Name field) in ZoneMinder 1.32.3.
At the moment, there are no known fixes for CVE-2019-13072. It is recommended to update to a newer version of ZoneMinder when one becomes available.