CVE search results

41 – 50 of 87 results

Detailed view

Sort by:

CVE-2019-7347

Low priority

Vulnerable

A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and...

1 affected package

zoneminder

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zoneminder	Vulnerable	Vulnerable	Vulnerable	Not in release

CVE-2019-7346

Medium priority

Vulnerable

A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.

1 affected package

zoneminder

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zoneminder	Vulnerable	Vulnerable	Vulnerable	Not in release

CVE-2019-7345

Low priority

Vulnerable

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an...

1 affected package

zoneminder

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zoneminder	Vulnerable	Vulnerable	Vulnerable	Not in release

CVE-2019-7344

Medium priority

Vulnerable

Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying...

1 affected package

zoneminder

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zoneminder	Vulnerable	Vulnerable	Vulnerable	Not in release

CVE-2019-7343

Medium priority

Vulnerable

Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because...

1 affected package

zoneminder

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zoneminder	Vulnerable	Vulnerable	Vulnerable	Not in release

CVE-2019-7342

Medium priority

Vulnerable

POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because...

1 affected package

zoneminder

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zoneminder	Vulnerable	Vulnerable	Vulnerable	Not in release

CVE-2019-7341

Medium priority

Vulnerable

Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php)...

1 affected package

zoneminder

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zoneminder	Vulnerable	Vulnerable	Vulnerable	Not in release

CVE-2019-7340

Medium priority

Vulnerable

POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because...

1 affected package

zoneminder

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zoneminder	Vulnerable	Vulnerable	Vulnerable	Not in release

CVE-2019-7339

Medium priority

Vulnerable

POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.

1 affected package

zoneminder

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zoneminder	Vulnerable	Vulnerable	Vulnerable	Not in release

CVE-2019-7338

Medium priority

Vulnerable

Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.

1 affected package

zoneminder

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
zoneminder	Vulnerable	Vulnerable	Vulnerable	Not in release

Export to JSON

Results by page:

Search CVE reports