CVE-2019-13072

Name
CVE-2019-13072
Description
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory https://github.com/ZoneMinder/zoneminder/issues/2642
MISC https://www.exploit-db.com/exploits/47060

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:* zoneminder == None == 1.32.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
zoneminder 3.14-community 1.32.3-r4 Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> possibly vulnerable
zoneminder edge-community 1.32.3-r5 Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> possibly vulnerable