CVE-2019-7340

CVE-2019-7340

Name

CVE-2019-7340

Description

POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://github.com/ZoneMinder/zoneminder/issues/2462

Type

URI

Exploit

https://github.com/ZoneMinder/zoneminder/issues/2462

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:zoneminder:zoneminder::::::::`	zoneminder	>= None	<= 1.32.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

zoneminder

>= None

<= 1.32.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
zoneminder	edge-community	1.36.7-r0	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	fixed
zoneminder	edge-community	1.30.2-r3	None	possibly vulnerable
zoneminder	edge-community	1.30.2-r0	None	possibly vulnerable
zoneminder	3.22-community	1.36.7-r0	None	fixed
zoneminder	3.22-community	1.30.2-r3	None	possibly vulnerable
zoneminder	3.22-community	1.30.2-r0	None	possibly vulnerable
zoneminder	3.21-community	1.36.7-r0	None	fixed
zoneminder	3.20-community	1.36.7-r0	None	fixed
zoneminder	3.19-community	1.36.7-r0	None	fixed
zoneminder	3.18-community	1.36.7-r0	None	fixed
zoneminder	3.17-community	1.36.7-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

zoneminder

edge-community

1.36.7-r0

Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

fixed

zoneminder

edge-community