Page 9 of 82 results (0.018 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. Existe Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, ya que la acción de formulario en múltiples vistas emplea $_SERVER['PHP_SELF'] de forma insegura, gestionando de manera incorrecta cualquier entrada arbitraria anexada a la URL del webroot sin ningún filtrado correcto. Esto conduce a Cross-Site Scripting (XSS). • https://github.com/ZoneMinder/zoneminder/issues/2446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration. Existe autocross-Site Scripting (XSS) persistente en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript en la vista "group" ya que imprime el valor de "Group Name" de forma insegura en la página web sin aplicar ningún filtrado adecuado. • https://github.com/ZoneMinder/zoneminder/issues/2454 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted. Existe POST- Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "filter[AutoExecuteCmd]" vulnerable en la vista de filtros (filter.php) debido a que se omite un filtrado adecuado. • https://github.com/ZoneMinder/zoneminder/issues/2461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. Existe - Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, lo que permite que un atacante ejecute código HTML o JavaScript mediante un valor del parámetro "newMonitor[Method]" vulnerable en la vista de monitor (monitor.php) debido a que se omite un filtrado adecuado. • https://github.com/ZoneMinder/zoneminder/issues/2464 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. Existe Cross-Site Scripting (XSS) reflejado en ZoneMinder, hasta la versión 1.32.3, ya que múltiples vistas bajo web/skins/classic/views emplean de forma insegura $_REQUEST['PHP_SELF'], sin aplicar ningún tipo de filtrado adecuado. • https://github.com/ZoneMinder/zoneminder/issues/2450 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •