CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6992
https://notcve.org/view.php?id=CVE-2019-6992
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. Existe Cross-Site Scripting (XSS) persistente en web/skins/classic/views/controlcaps.php en ZoneMinder, hasta la versión 1.32.3, lo que permite a los atacantes ejecutar código HTML o JavaScript en un campo vulnerable mediante un NAME o PROTOCOL largo en la URI index.php?view=controlcaps. • https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498 https://github.com/ZoneMinder/zoneminder/issues/2445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6991
https://notcve.org/view.php?id=CVE-2019-6991
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. Existe un clásico desbordamiento de búfer basado en pila en la función zmLoadUser() en zm_user.cpp, del binario zmu, en ZoneMinder hasta la versión 1.32.3, lo que permite a los atacantes no autorizados ejecutar código mediante un nombre de usuario largo. • https://github.com/ZoneMinder/zoneminder/issues/2478 https://github.com/ZoneMinder/zoneminder/pull/2482 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6777
https://notcve.org/view.php?id=CVE-2019-6777
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. Se ha descubierto un problema en ZoneMinder v1.32.3. Existe Cross-Site Scripting (XSS) reflejado en web/skins/classic/views/plugin.php mediante el parámetro "pl" en zm/index.php? • https://github.com/ZoneMinder/zoneminder/issues/2436 https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •