Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.
References
Link | Resource |
---|---|
https://github.com/ZoneMinder/zoneminder/issues/2475 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:19:28
Updated: 2022-10-03T16:19:28
Reserved: 2022-10-03T00:00:00
Link: CVE-2019-7352
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-02-04T19:29:01.537
Modified: 2019-02-04T20:13:21.080
Link: CVE-2019-7352
JSON object: View
Redhat Information
No data.
CWE