CVE-2017-7203

Name of the Vulnerable Software and Affected Versions ZoneMinder versions prior to 1.30.2

Description A Cross-Site Scripting (XSS) issue was discovered due to insufficient filtration of user-supplied data, specifically the postLoginQuery variable, passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For versions prior to 1.30.2, update to version 1.30.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the postlogin.js.php file until a patch is applied. Avoid using the postLoginQuery variable in the affected URL until the issue is resolved.