CVE-2019-6777

Name
CVE-2019-6777
Description
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://github.com/ZoneMinder/zoneminder/issues/2436
Patch https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:* zoneminder == None == 1.32.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
zoneminder 3.14-community 1.32.3-r4 Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> possibly vulnerable
zoneminder edge-community 1.32.3-r5 Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> possibly vulnerable