First published: Mon Feb 18 2019(Updated: )
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoneminder Zoneminder | <1.32.3 | |
<1.32.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-8425 is a vulnerability in ZoneMinder before version 1.32.3 that allows for cross-site scripting (XSS) in the construction of SQL-ERR messages.
The severity of CVE-2019-8425 is medium, with a severity value of 6.1.
ZoneMinder versions up to and excluding 1.32.3 are affected by CVE-2019-8425.
The Common Vulnerabilities and Exposures (CVE) reference for CVE-2019-8425 is CVE-2019-8425.
To fix CVE-2019-8425, it is recommended to update ZoneMinder to version 1.32.3 or newer.