Reflected Cross Site Scripting Vulnerability in ZoneMinder
CVE-2019-7334

6.1MEDIUM

Key Information:

Vendor: Zoneminder
Status: Zoneminder
Vendor: CVE Published:; 3 October 2022

What is CVE-2019-7334?

A reflected Cross Site Scripting vulnerability exists in ZoneMinder up to version 1.32.3, which allows attackers to execute arbitrary HTML or JavaScript code. This can be exploited through a vulnerable 'Exportfile' parameter within the export functionality, specifically in the export.php script, due to insufficient input validation. Attackers can leverage this flaw to manipulate user sessions or conduct phishing attacks against unsuspecting users.

References

https://github.com/ZoneMinder/zoneminder/issues/2443

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Oct 3, 2022

Zoneminder

What is CVE-2019-7334?

References

CVSS V3.1

Timeline