CVE-2020-25729

Name
CVE-2020-25729
Description
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413
Release Notes https://github.com/ZoneMinder/zoneminder/releases/tag/1.34.21
Vendor Advisory https://forums.zoneminder.com/viewforum.php?f=1

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:* zoneminder >= None < 1.34.21

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
zoneminder 3.13-community 1.32.3-r4 Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> possibly vulnerable
zoneminder 3.14-community 1.32.3-r4 Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> possibly vulnerable