CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8428
https://notcve.org/view.php?id=CVE-2019-8428
18 Feb 2019 — ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. ZoneMinder, en versiones anteriores a la 1.32.3, tiene una inyección SQL mediante el parámetro groupSql en skins/classic/views/control.php, tal y como queda demostrado con un nuevo valor newGroup[MonitorIds][]. • https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8429
https://notcve.org/view.php?id=CVE-2019-8429
18 Feb 2019 — ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. ZoneMinder, en versiones anteriores a la 1.32.3, tiene una inyección SQL mediante el parámetro filter[Query][terms][0][cnj] en ajax/status.php. • https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-393-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8424
https://notcve.org/view.php?id=CVE-2019-8424
18 Feb 2019 — ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. ZoneMinder, en versiones anteriores a la 1.32.3, tiene una inyección SQL mediante el parámetro sort en ajax/status.php. • https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8423
https://notcve.org/view.php?id=CVE-2019-8423
18 Feb 2019 — ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. ZoneMinder, hasta la versión 1.32.3, tiene una inyección SQL mediante el parámetro filter[Query][terms][0][cnj] en skins/classic/views/events.php. • https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewseventsphp-line-44-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8425
https://notcve.org/view.php?id=CVE-2019-8425
18 Feb 2019 — includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. includes/database.php en ZoneMinder, en versiones anteriores a la 1.32.3, tiene Cross-Site Scripting (XSS) en la construcción de mensajes SQL-ERR. • https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#sql-query-error-reflected-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8426
https://notcve.org/view.php?id=CVE-2019-8426
18 Feb 2019 — skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. skins/classic/views/controlcap.php en ZoneMinder, en versiones anteriores a la 1.32.3, tiene Cross-Site Scripting (XSS) mediante el array newControl, tal y como queda demostrado con el parámetro newControl[MinTiltRange]. • https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7341
https://notcve.org/view.php?id=CVE-2019-7341
04 Feb 2019 — Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. Existe - Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "newMonitor[LinkedMonitors]" vulnerable en la vista de monitor (... • https://github.com/ZoneMinder/zoneminder/issues/2463 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7328
https://notcve.org/view.php?id=CVE-2019-7328
04 Feb 2019 — Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. Existe Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "scale" vulnerable en la vista de frame (frame.php) mediante /js/frame.j... • https://github.com/ZoneMinder/zoneminder/issues/2449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7338
https://notcve.org/view.php?id=CVE-2019-7338
04 Feb 2019 — Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration. Existe autocross-Site Scripting (XSS) persistente en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript en la vista "group" ya que imprime el valor de "Group Name" de forma insegura en la página web sin aplicar ningún filtrado a... • https://github.com/ZoneMinder/zoneminder/issues/2454 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7334
https://notcve.org/view.php?id=CVE-2019-7334
04 Feb 2019 — Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted. Existe Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "Exportfile" vulnerable en la vista de exportación (export.php) debido a que se omite ... • https://github.com/ZoneMinder/zoneminder/issues/2443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •