Published: 03/03/2017 Updated: 07/03/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the path info to index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zoneminder zoneminder

Debian Bug report logs - #854272 CVE-2016-10201 CVE-2016-10202 CVE-2016-10203 CVE-2016-10204 CVE-2016-10205 CVE-2016-10206 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 5 Feb 2017 17:21:02 UTC Severity: grave ...

CWE-79 https://www.foxmole.com/advisories/foxmole-2016-07-05.txt http://www.openwall.com/lists/oss-security/2017/02/05/1 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272

CVE-2016-10202

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect