CVE

CVE-2019-7329

admin

CVE-2019-7329

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER[‘PHP_SELF’] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.

Source: CVE-2019-7329

Exit mobile version