Note:
This project will be discontinued after December 13, 2021. [more]
2019-01-24
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.
| Products | Zoneminder |
| Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
| First patch |
https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41 |
| Relevant file/s | ./web/skins/classic/views/plugin.php (modified, +4, -3) |
| Links | https://github.com/ZoneMinder/zoneminder/issues/2436 |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: