Published: 28/01/2019 Updated: 29/01/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder up to and including 1.32.3, allowing an malicious user to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zoneminder zoneminder

Debian Bug report logs - #920999 zoneminder: CVE-2019-6992 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Jan 2019 13:18:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version ...

Debian Bug report logs - #921001 zoneminder: CVE-2019-6990 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Jan 2019 13:21:05 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version ...

Debian Bug report logs - #921000 zoneminder: CVE-2019-6991 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Jan 2019 13:21:02 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version ...

Debian Bug report logs - #920375 zoneminder: CVE-2019-6777 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 24 Jan 2019 20:39:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in ver ...

CWE-79 https://github.com/ZoneMinder/zoneminder/issues/2445 https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999

CVE-2019-6992

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect