CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7347
https://notcve.org/view.php?id=CVE-2019-7347
04 Feb 2019 — A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.). Existe una condición de carrera TOCTOU (Time-of-check Time-of-use) en ZoneMinder, hasta la versión 1.32.3, ya que una sesión permanece activa para un usuario autenticado incluso después de que se elimine de la tabla de usuarios. Est... • https://github.com/ZoneMinder/zoneminder/issues/2476 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7326 – Ubuntu Security Notice USN-5889-1
https://notcve.org/view.php?id=CVE-2019-7326
04 Feb 2019 — Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field. Existe autocross-Site Scripting (XSS) persistente en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "Host" vulnerable en... • https://github.com/ZoneMinder/zoneminder/issues/2452 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7327
https://notcve.org/view.php?id=CVE-2019-7327
04 Feb 2019 — Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. Existe Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "scale" vulnerable en la vista de frame (frame.php) debido a que se omite un filtrado adecuad... • https://github.com/ZoneMinder/zoneminder/issues/2447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7332 – Ubuntu Security Notice USN-5889-1
https://notcve.org/view.php?id=CVE-2019-7332
04 Feb 2019 — Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. Existe Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "eid" vulnerable (también conocido como Event ID) en la vista de descargas... • https://github.com/ZoneMinder/zoneminder/issues/2442 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7341
https://notcve.org/view.php?id=CVE-2019-7341
04 Feb 2019 — Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. Existe - Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "newMonitor[LinkedMonitors]" vulnerable en la vista de monitor (... • https://github.com/ZoneMinder/zoneminder/issues/2463 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7336
https://notcve.org/view.php?id=CVE-2019-7336
04 Feb 2019 — Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value. Existe autocross-Site Scripting (XSS) persistente en ZoneMinder, hasta la versión 1.32.3, ya que view _monitor_filters.php contiene entradas... • https://github.com/ZoneMinder/zoneminder/issues/2457 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7337
https://notcve.org/view.php?id=CVE-2019-7337
04 Feb 2019 — Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. Existe Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, ya que la vista "events" (events.php) muestra de f... • https://github.com/ZoneMinder/zoneminder/issues/2456 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7339
https://notcve.org/view.php?id=CVE-2019-7339
04 Feb 2019 — POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted. Existe POST- Cross-Site Scripting (XSS) en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "level" vulnerable en la vista de registros (log.php) debido a que se omite un filtrado adecuado. • https://github.com/ZoneMinder/zoneminder/issues/2460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7350
https://notcve.org/view.php?id=CVE-2019-7350
04 Feb 2019 — Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins. Existe una fijación de sesiones en ZoneMinder, hasta la versión 1.32.3, ya que un atacante puede fijar sus propias cookies de sesión al siguiente usuario que inicia sesión, secu... • https://github.com/ZoneMinder/zoneminder/issues/2471 • CWE-384: Session Fixation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7329 – Ubuntu Security Notice USN-5889-1
https://notcve.org/view.php?id=CVE-2019-7329
04 Feb 2019 — Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. Existe Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, ya que la acción de formulario en múltiples vistas emplea $_SERVER['PHP_SELF'] de forma insegura, gestionando de manera incorrecta cualquier entrada arbitraria anexada... • https://github.com/ZoneMinder/zoneminder/issues/2446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •