Note:
This project will be discontinued after December 13, 2021. [more]
2019-01-28
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.
Products | Zoneminder |
Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
First patch |
https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498 |
Relevant file/s |
• ./web/includes/functions.php (modified, +3)
• ./web/skins/classic/views/controlcaps.php (modified, +2, -2) |
Links | https://github.com/ZoneMinder/zoneminder/issues/2445 |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: