ZoneMinder 1.32.3 Vulnerability: Self-Stored XSS in 'Group Name' Field

ZoneMinder 1.32.3 Vulnerability: Self-Stored XSS in 'Group Name' Field

CVE-2019-7338 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.

Learn more about our Web App Pen Testing.