Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.
References
Link | Resource |
---|---|
https://github.com/ZoneMinder/zoneminder/issues/2457 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:19:30
Updated: 2022-10-03T16:19:30
Reserved: 2022-10-03T00:00:00
Link: CVE-2019-7336
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-02-04T19:29:00.850
Modified: 2019-02-05T21:24:09.027
Link: CVE-2019-7336
JSON object: View
Redhat Information
No data.
CWE