First published: Mon Feb 04 2019
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoneminder Zoneminder | <=1.32.3 | |
CVE-2019-7329 is a vulnerability known as Reflected Cross Site Scripting (XSS), which exists in ZoneMinder through version 1.32.3.
CVE-2019-7329 works by insecurely handling arbitrary input appended to the webroot URL in the form action on multiple views of ZoneMinder, leading to XSS.
CVE-2019-7329 is rated medium severity, with a severity value of 6.1, indicating a moderate impact.
CVE-2019-7329 affects ZoneMinder, specifically versions up to and including 1.32.3.
To fix CVE-2019-7329, it is recommended to update ZoneMinder to a version beyond 1.32.3, where the issue has been resolved.
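The pattern described above, shown beside one common way to harden it. This is an added example, not ZoneMinder's code or its actual patch: the function names are hypothetical and the `$server` array is a constructed stand-in for `$_SERVER`.

```php
<?php
// Added illustration; not ZoneMinder source. Function names are hypothetical.

// Vulnerable pattern: PHP_SELF is the script path plus any path info the
// client appended after it, and it is written into the attribute unescaped.
function form_open_vulnerable(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened pattern: build the action from SCRIPT_NAME, which does not carry
// the appended path info, and still escape it for an HTML attribute context.
function form_open_hardened(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Regression check: the rendered fragment must be exactly one tag, so no
// request-derived text can close the attribute and start new markup.
function is_single_tag(string $html): bool
{
    return substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
}

// Constructed sample of $_SERVER for a request to /index.php/"><em>injected</em>
$server = [
    'SCRIPT_NAME' => '/index.php',
    'PHP_SELF'    => '/index.php/"><em>injected</em>',
];

foreach (['form_open_vulnerable', 'form_open_hardened'] as $render) {
    $html = $render($server);
    printf("%-22s single tag: %-3s %s\n", $render, is_single_tag($html) ? 'yes' : 'NO', $html);
}
```

The same single-tag check can be run against rendered views in a test suite to catch any remaining form that echoes `PHP_SELF` unescaped.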