First published: Mon Feb 04 2019(Updated: )
Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoneminder Zoneminder | <=1.32.3 | |
<=1.32.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-7344 is a vulnerability in ZoneMinder through 1.32.3 that allows an attacker to execute HTML or JavaScript code in the view 'filter' due to insecure printing of the 'filter[Name]' value on the web page without proper filtration.
CVE-2019-7344 has a severity score of 6.1, which is considered medium.
The affected software for CVE-2019-7344 is ZoneMinder version up to and including 1.32.3.
The Common Weakness Enumeration (CWE) ID for CVE-2019-7344 is CWE-79.
To fix CVE-2019-7344, update ZoneMinder to a version higher than 1.32.3, where the vulnerability has been patched.