First published: Mon Feb 04 2019
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoneminder Zoneminder | <=1.32.3 | |
CVE-2019-7327 is a vulnerability that allows an attacker to execute HTML or JavaScript code via a reflected cross-site scripting (XSS) attack in ZoneMinder through version 1.32.3.
CVE-2019-7327 has a severity rating of 6.1, which is considered medium.
CVE-2019-7327 works by exploiting a vulnerability in the 'scale' parameter value in the view frame (frame.php) of ZoneMinder, allowing the execution of malicious HTML or JavaScript code.
Yes, updating ZoneMinder to version 1.32.4 or later will fix the CVE-2019-7327 vulnerability.
You can find more information about CVE-2019-7327 on the GitHub page for ZoneMinder's issue #2447.
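
The kind of filtering whose absence is described above, as an added PHP example that is not ZoneMinder's frame.php or its actual patch: the function names, the default value and the allowed range are assumptions. It treats 'scale' as a bounded integer on input and HTML-encodes it on output, with an unfiltered version beside it for contrast.

```php
<?php
// Added illustration; not ZoneMinder code. Names, default and bounds are assumptions.

const SCALE_DEFAULT = 100;  // assumed default
const SCALE_MIN = 1;        // assumed lower bound
const SCALE_MAX = 1000;     // assumed upper bound

/**
 * Return the request's 'scale' value as an integer within bounds,
 * or the default when it is missing, array-typed, or not a plain integer.
 */
function validated_scale(array $query): int
{
    if (!isset($query['scale']) || !is_string($query['scale'])) {
        return SCALE_DEFAULT;
    }
    $scale = filter_var($query['scale'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => SCALE_MIN, 'max_range' => SCALE_MAX],
    ]);
    return $scale === false ? SCALE_DEFAULT : $scale;
}

/** Encode a value for use in element text or a quoted HTML attribute. */
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Before: the raw parameter is copied into the markup (reflected XSS). */
function render_unfiltered(array $query): string
{
    return '<input type="hidden" name="scale" value="' . ($query['scale'] ?? '') . '"/>';
}

/** After: validated on input, encoded on output. */
function render_filtered(array $query): string
{
    return '<input type="hidden" name="scale" value="' . html((string) validated_scale($query)) . '"/>';
}

// Constructed sample inputs: a valid value, a value carrying markup, an array-typed value.
$samples = [['scale' => '150'], ['scale' => '100"><b>x</b>'], ['scale' => ['a']]];
foreach ($samples as $query) {
    echo render_filtered($query), PHP_EOL;
}
```

Only the first sample keeps its value; the other two fall back to the default, so nothing from the request reaches the page unvalidated.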