ZoneMinder 1.32.3 - Self-Stored Cross Site Scripting (XSS) in signal check color field

ZoneMinder 1.32.3 - Self-Stored Cross Site Scripting (XSS) in signal check color field

CVE-2019-7331 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.

Learn more about our Web Application Penetration Testing UK.