Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv3

CVE-2019-6990

Published: 28/01/2019 Updated: 29/01/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Zoneminder

Vulnerability Summary

A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zoneminder zoneminder

Vendor Advisories

Debian CVElist Bug Report Logs: zoneminder: CVE-2019-6992
Debian Bug report logs - #920999 zoneminder: CVE-2019-6992 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Jan 2019 13:18:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version ...
Debian CVElist Bug Report Logs: zoneminder: CVE-2019-6990
Debian Bug report logs - #921001 zoneminder: CVE-2019-6990 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Jan 2019 13:21:05 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version ...
Debian CVElist Bug Report Logs: zoneminder: CVE-2019-6991
Debian Bug report logs - #921000 zoneminder: CVE-2019-6991 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Jan 2019 13:21:02 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version ...
Debian CVElist Bug Report Logs: zoneminder: CVE-2019-6777
Debian Bug report logs - #920375 zoneminder: CVE-2019-6777 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 24 Jan 2019 20:39:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in ver ...

References

CWE-79https://github.com/ZoneMinder/zoneminder/issues/2444https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94ahttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook