Note:
This project will be discontinued after December 13, 2021. [more]
2019-06-30
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
Products | Zoneminder |
Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
First patch | - None (likely due to unavailable code) |
Patches | https://github.com/ZoneMinder/zoneminder/issues/2642 |
Links | https://www.exploit-db.com/exploits/47060 |