First published: Mon Feb 04 2019
Self-stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log', as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoneminder Zoneminder | <=1.32.3 | |
The vulnerability ID for this vulnerability is CVE-2019-7335.
The severity of CVE-2019-7335 is medium with a severity value of 6.1.
The affected software is ZoneMinder version 1.32.3.
CVE-2019-7335 allows an attacker to execute HTML or JavaScript code in the 'log' view of ZoneMinder, because the view insecurely prints the 'Log Message' value without proper filtration.
Updating to a version beyond 1.32.3 of ZoneMinder resolves the vulnerability.
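The flaw described above is a missing output-encoding step when the stored 'Log Message' value is written into the page. The following is an added example, not ZoneMinder's code: it contrasts unencoded and encoded rendering of a stored log entry and lists stored messages that contain markup so they can be reviewed. The field names, function names and sample rows are assumptions constructed for illustration.

```javascript
// Added example: hypothetical field names and constructed sample rows.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value for use in HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// 'Before' form: the stored message is concatenated into markup unchanged,
// so any markup saved in the log is interpreted by the browser.
function renderRowUnsafe(entry) {
  return '<tr><td>' + entry.level + '</td><td>' + entry.message + '</td></tr>';
}

// Hardened form: every stored field is encoded at output time,
// regardless of how the value reached the log.
function renderRowSafe(entry) {
  return '<tr><td>' + escapeHtml(entry.level) + '</td><td>' +
    escapeHtml(entry.message) + '</td></tr>';
}

// Triage helper: return stored entries whose message contains angle
// brackets, so already-stored rows can be reviewed after the fix.
function findMarkupInMessages(entries) {
  return entries.filter((e) => /[<>]/.test(String(e.message)));
}

// Constructed sample log rows (not real ZoneMinder output).
const sampleLog = [
  { id: 1, level: 'INF', message: 'Monitor 1 capture started' },
  { id: 2, level: 'ERR', message: '<i title="x">socket timeout</i>' },
];

for (const entry of sampleLog) {
  console.log(renderRowSafe(entry));
}
console.log('needs review:', findMarkupInMessages(sampleLog).map((e) => e.id));
```

Encoding at output time covers rows that were stored before the upgrade as well as new ones.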