CVE-2019-7342 (NVD)

2019-02-04

POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.

Products Zoneminder
Type Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
First patch - None (likely due to unavailable code)
Links https://github.com/ZoneMinder/zoneminder/issues/2461