CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7332
https://notcve.org/view.php?id=CVE-2019-7332
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. Existe Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "eid" vulnerable (también conocido como Event ID) en la vista de descargas (download.php) debido a que se omite un filtrado adecuado. • https://github.com/ZoneMinder/zoneminder/issues/2442 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6990
https://notcve.org/view.php?id=CVE-2019-6990
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. Existe Cross-Site Scripting (XSS) persistente en web/skins/classic/views/zones.php en ZoneMinder, hasta la versión 1.32.3, lo que permite a los atacantes ejecutar código HTML o JavaScript en un campo vulnerable mediante un NAME de zona manipulado en el URI index.php?view=zonesaction=zoneImagemid=1. • https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a https://github.com/ZoneMinder/zoneminder/issues/2444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6992
https://notcve.org/view.php?id=CVE-2019-6992
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. Existe Cross-Site Scripting (XSS) persistente en web/skins/classic/views/controlcaps.php en ZoneMinder, hasta la versión 1.32.3, lo que permite a los atacantes ejecutar código HTML o JavaScript en un campo vulnerable mediante un NAME o PROTOCOL largo en la URI index.php?view=controlcaps. • https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498 https://github.com/ZoneMinder/zoneminder/issues/2445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6991
https://notcve.org/view.php?id=CVE-2019-6991
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. Existe un clásico desbordamiento de búfer basado en pila en la función zmLoadUser() en zm_user.cpp, del binario zmu, en ZoneMinder hasta la versión 1.32.3, lo que permite a los atacantes no autorizados ejecutar código mediante un nombre de usuario largo. • https://github.com/ZoneMinder/zoneminder/issues/2478 https://github.com/ZoneMinder/zoneminder/pull/2482 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6777
https://notcve.org/view.php?id=CVE-2019-6777
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. Se ha descubierto un problema en ZoneMinder v1.32.3. Existe Cross-Site Scripting (XSS) reflejado en web/skins/classic/views/plugin.php mediante el parámetro "pl" en zm/index.php? • https://github.com/ZoneMinder/zoneminder/issues/2436 https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •