Note:
This project will be discontinued after December 13, 2021. [more]
2019-02-04
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.
Products | Zoneminder |
Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
First patch | - None (likely due to unavailable code) |
Links | https://github.com/ZoneMinder/zoneminder/issues/2468 |