CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7340
https://notcve.org/view.php?id=CVE-2019-7340
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted. Existe POST- Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "filter[Query][terms][0][val]" vulnerable en la vista de filtros (filter.php) debido a que se omite un filtrado adecuado. • https://github.com/ZoneMinder/zoneminder/issues/2462 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7348
https://notcve.org/view.php?id=CVE-2019-7348
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted. Existe autocross-Site Scripting (XSS) persistente en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "username" vulnerable en la vista de usuario (user.php) debido a que se omite un filtrado adecuado. • https://github.com/ZoneMinder/zoneminder/issues/2467 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7349
https://notcve.org/view.php?id=CVE-2019-7349
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. Existe Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "newMonitor[V4LCapturesPerFrame]" vulnerable en la vista de monitor (monitor.php) debido a que se omite un filtrado adecuado. • https://github.com/ZoneMinder/zoneminder/issues/2465 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7327
https://notcve.org/view.php?id=CVE-2019-7327
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. Existe Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "scale" vulnerable en la vista de frame (frame.php) debido a que se omite un filtrado adecuado. • https://github.com/ZoneMinder/zoneminder/issues/2447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7336
https://notcve.org/view.php?id=CVE-2019-7336
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value. Existe autocross-Site Scripting (XSS) persistente en ZoneMinder, hasta la versión 1.32.3, ya que view _monitor_filters.php contiene entradas del usuario y lo guarda en la sesión, recuperándola más adelante de forma insegura. Los valores de los parámetros MonitorName y Source se muestran sin que se les aplique ningún filtrado de salidas. • https://github.com/ZoneMinder/zoneminder/issues/2457 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •