First published: Mon Jan 28 2019
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ZoneMinder | <=1.32.3 | |
CVE-2019-6990 is a medium severity vulnerability due to its potential for stored cross-site scripting (XSS) attacks.
To fix CVE-2019-6990, you should update ZoneMinder to a version higher than 1.32.3, where the vulnerability has been addressed.
CVE-2019-6990 is a stored cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary HTML or JavaScript code.
CVE-2019-6990 affects all versions of ZoneMinder up to and including 1.32.3.
CVE-2019-6990 can be exploited remotely by an attacker if they can manipulate the Zone NAME in the vulnerable field.
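
The flaw class described above (a stored Zone name written into HTML without encoding), shown beside a hardened form in PHP. This is an added example, not ZoneMinder's code; the row shape, the function names and the name allow-list are assumptions, and the sample rows are constructed.

```php
<?php
// Added illustration, not ZoneMinder source. Row shape, function names and
// the name allow-list are assumptions made for this example.

// Constructed sample rows standing in for stored zone records.
$zones = [
    ['Id' => 1, 'Name' => 'Driveway'],
    ['Id' => 2, 'Name' => 'Porch"><b>injected</b>'], // markup saved as a name
];

// Vulnerable pattern: the stored name is concatenated into the page as-is,
// so markup in it is parsed by the browser in attribute and element context.
function render_zone_unsafe(array $zone): string
{
    return '<td title="' . $zone['Name'] . '">' . $zone['Name'] . '</td>';
}

// Hardened pattern: encode at output time for the HTML context.
// ENT_QUOTES also encodes ' and ", which matters inside the title attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_zone_safe(array $zone): string
{
    return '<td title="' . h($zone['Name']) . '">' . h($zone['Name']) . '</td>';
}

// Defence in depth on the write path: reject names outside a conservative
// allow-list (assumed policy: letters, digits, space, dash, underscore, dot).
function is_valid_zone_name(string $name): bool
{
    return preg_match('/\A[\p{L}\p{N} _.\-]{1,64}\z/u', $name) === 1;
}

foreach ($zones as $zone) {
    printf("name ok to store: %s\n", is_valid_zone_name($zone['Name']) ? 'yes' : 'no');
    printf("unsafe: %s\n", render_zone_unsafe($zone));
    printf("safe:   %s\n\n", render_zone_safe($zone));
}
```

Encoding at output is the control that neutralises names already saved in the database; the write-path check only stops new ones.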