First published: Mon Feb 04 2019
Self-stored cross-site scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There is no input validation or output filtering on this field, leaving it vulnerable to HTML injection and an XSS attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoneminder Zoneminder | <=1.32.3 | |
CVE-2019-7331 is a vulnerability that allows for self-stored cross-site scripting (XSS) attacks in ZoneMinder through version 1.32.3 while editing an existing monitor field named "signal check color".
CVE-2019-7331 allows an attacker to inject malicious HTML and execute arbitrary scripts in ZoneMinder through a vulnerability in the monitor.php file, which could lead to unauthorized access and data theft.
CVE-2019-7331 has a severity rating of 6.1 (Medium), indicating a significant vulnerability that can be exploited.
Yes, a fix for CVE-2019-7331 is available in ZoneMinder version 1.32.4 or higher. It is recommended to update to the latest version to mitigate the vulnerability.
You can find more information about CVE-2019-7331 on the official GitHub page of ZoneMinder: https://github.com/ZoneMinder/zoneminder/issues/2451