XSS vulnerabilities in montagereview
CVE-2024-43359

6.1MEDIUM

Key Information:

Vendor: Zoneminder
Status: Zoneminder
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-43359?

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.

Affected Version(s)

zoneminder < 1.36.34 < 1.36.34

zoneminder >= 1.37.0, < 1.37.61 < 1.37.0, 1.37.61

References

https://github.com/ZoneMinder/zoneminder/security/advisor...

x_refsource_CONFIRM

https://github.com/ZoneMinder/zoneminder/commit/6cc64dddf...

x_refsource_MISC

https://github.com/ZoneMinder/zoneminder/commit/b51c5df0c...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024

Zoneminder

What is CVE-2024-43359?

Affected Version(s)

References

CVSS V3.1

Timeline