ZoneMinder XSS Vulnerability Allows Remote Code Execution and Sensitive Information Theft

CVE-2020-25730

What is CVE-2020-25730?

A Cross Site Scripting (XSS) vulnerability exists in ZoneMinder, specifically affecting versions prior to 1.34.21. This vulnerability allows remote attackers to manipulate input in the PHP_SELF component of the classic/views/download.php file. By exploiting this flaw, attackers can execute arbitrary code and escalate privileges, potentially leading to unauthorized access to sensitive information stored within the application.

References