ZoneMinder 1.32.3 Self-Stored XSS Vulnerability in 'log' View

ZoneMinder 1.32.3 Self-Stored XSS Vulnerability in 'log' View

CVE-2019-7335 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.

Learn more about our Web App Pen Testing.