CVE-2024-43359

Name
CVE-2024-43359
Description
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.
NVD Severity
unknown

References

Type     URI
CONFIRM  https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8
MISC     https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af
MISC     https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2

Match rules

CPE URI                                           Source package  Min version  Max version
-                                                 zoneminder      >= 0         < 1.36.34
-                                                 zoneminder      >= 1.37.0    < 1.37.61
cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*   zoneminder      >= 0         < 1.36.34
cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*   zoneminder      >= 1.37.0    < 1.37.61

Vulnerable and fixed packages

Source package  Branch          Version     Maintainer                                Status
zoneminder      3.20-community  1.36.33-r5  Kaarle Ritvanen <kunkku@alpinelinux.org>  possibly vulnerable