CVE-2019-7330

CVE-2019-7330

Name

CVE-2019-7330

Description

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://github.com/ZoneMinder/zoneminder/issues/2448

Type

URI

Exploit

https://github.com/ZoneMinder/zoneminder/issues/2448

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:zoneminder:zoneminder::::::::`	zoneminder	>= None	<= 1.32.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

zoneminder

>= None

<= 1.32.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
zoneminder	edge-community	1.36.7-r0	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	fixed
zoneminder	3.22-community	1.36.7-r0	None	fixed
zoneminder	3.21-community	1.36.7-r0	None	fixed
zoneminder	3.20-community	1.36.7-r0	None	fixed
zoneminder	3.19-community	1.36.7-r0	None	fixed
zoneminder	3.18-community	1.36.7-r0	None	fixed
zoneminder	3.17-community	1.36.7-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

zoneminder

edge-community

1.36.7-r0

Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

fixed

zoneminder

3.22-community