|
214341
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7349
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214342
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (use…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7348
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214343
|
7.5 |
HIGH
Network
|
zoneminder
|
zoneminder
|
A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a n…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2019-7347
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214344
|
8.8 |
HIGH
Network
|
zoneminder
|
zoneminder
|
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making…
|
CWE-352
Origin Validation Error
|
CVE-2019-7346
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214345
|
4.8 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BA…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7345
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214346
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on t…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7344
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214347
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view m…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7343
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214348
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view fi…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7342
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214349
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in th…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7341
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214350
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the v…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7340
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
