First published: Sat Feb 25 2023
ZoneMinder is a free, open source closed-circuit television (CCTV) software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries containing a malicious referrer field can be injected into the database logs, and that field is not escaped when the logs are viewed in the web UI. This issue is patched in version 1.36.33.
Credit: security-advisories@github.com
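To illustrate the defect the advisory describes, the following is an added example (not ZoneMinder's own code): a minimal log-viewer row renderer that interpolates the stored referrer straight into HTML next to a hardened version that escapes every field first. The log rows, field names and the `render_*` functions are constructed for this example and do not reflect ZoneMinder's actual database schema or templates.

```python
import html

# Constructed sample log rows of the kind a web UI might load from its log table.
# Field names are an assumption for this example, not ZoneMinder's schema.
SAMPLE_LOG_ROWS = [
    {"level": "INF", "component": "web_php", "message": "Login succeeded",
     "referrer": "https://cctv.example.internal/zm/index.php?view=login"},
    {"level": "ERR", "component": "web_php", "message": "Login failed",
     # Client-controlled Referer header stored in the log unmodified.
     "referrer": '<script>document.title="xss"</script>'},
]

COLUMNS = ("level", "component", "message", "referrer")


def render_row_vulnerable(row: dict) -> str:
    """Interpolates stored fields directly into the HTML row (no output encoding)."""
    return "<tr>" + "".join(f"<td>{row[k]}</td>" for k in COLUMNS) + "</tr>"


def render_row_fixed(row: dict) -> str:
    """HTML-encodes every field at the output boundary, so stored markup is shown as text."""
    return ("<tr>"
            + "".join(f"<td>{html.escape(str(row[k]), quote=True)}</td>" for k in COLUMNS)
            + "</tr>")


def raw_value_survives(rendered: str, field_value: str) -> bool:
    """True when the stored value, angle brackets included, reached the HTML unchanged."""
    return field_value in rendered


def render_log_table(rows, renderer) -> str:
    """Renders all rows with the given row renderer; useful for diffing both outputs."""
    return "<table>" + "".join(renderer(r) for r in rows) + "</table>"
```

Feeding the second sample row through both renderers shows the difference: the vulnerable output contains a live `<script>` element, the fixed output contains the literal text `&lt;script&gt;...`.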
Affected Software | Affected Version | How to fix
---|---|---
Zoneminder Zoneminder | <1.36.33 | Update to 1.36.33 or later
Zoneminder Zoneminder | >=1.37.0 <1.37.33 |
CVE-2023-25825 is a vulnerability in ZoneMinder that allows for Cross-site Scripting (XSS) attacks.
CVE-2023-25825 has a severity score of 6.1 (high).
CVE-2023-25825 allows for Cross-site Scripting (XSS) attacks in ZoneMinder versions prior to 1.36.33 and versions between 1.37.0 and 1.37.33.
To fix CVE-2023-25825, update ZoneMinder to version 1.36.33 or higher.
More information about CVE-2023-25825 is available in the following references: [GitHub Commit 1](https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81), [GitHub Commit 2](https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0), [GitHub Commit 3](https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308).