Vulnerabilities

CVE-2019-7329

by Fred · 04/02/2019

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER[‘PHP_SELF’] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.

Date published : 2019-02-04

https://github.com/ZoneMinder/zoneminder/issues/2446

Similar

Tags: Cybersecurity Alert