Note:
This project will be discontinued after December 13, 2021. [more]
2019-02-04
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.
| Products | Zoneminder |
| Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
| First patch | - None (likely due to unavailable code) |
| Links | https://github.com/ZoneMinder/zoneminder/issues/2450 |