Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 15/11/2022 Updated: 07/11/2023

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 0

A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an malicious user to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a different attack method.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zoneminder zoneminder 1.36.12

CWE-79 https://github.com/ZoneMinder/zoneminder/releases https://medium.com/%40dk50u1/stored-xss-in-zoneminder-up-to-v1-36-12-f26b4bb68c31 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-30768

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect