CVE-2019-7337 – Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3

March 7, 2022

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view ‘events’ (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337

Reference (s):

https://github.com/ZoneMinder/zoneminder/issues/2456

CVE-2019-7337 – Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-26212 - GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2015-0353 - Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.

Categories

Partners

Just add here your partners image or promo text

CVE-2019-7337 – Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3

Related posts

Something Fresh

What People Reading

Categories

Partners

Just add here your partners image or promo text