ZoneMinder 1.32.3 - Self-Stored Cross Site Scripting (XSS) in signal check color field
CVE-2019-7331 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.
Learn more about our Web Application Penetration Testing UK.