PT-2019-18532 · Zoneminder+3 · Zoneminder+3

Loginsoft-Research

Publicado

2019-02-04

Atualizado

2023-02-27

CVE-2019-7327

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions ZoneMinder versions prior to 1.32.4

Description A Reflected Cross Site Scripting issue exists, allowing an attacker to execute HTML or JavaScript code via a vulnerable scale parameter value in the "frame.php" file, due to omitted proper filtration.

Recommendations For ZoneMinder versions prior to 1.32.4, update to version 1.32.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "frame.php" file or avoiding the use of the scale parameter until a patch is available.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2020-1092

ALT-PU-2020-1246

CVE-2019-7327

USN-5889-1

Produtos afetados

Alt Linux

Linuxmint

Ubuntu

Zoneminder

PT-2019-18532 · Zoneminder+3 · Zoneminder+3

CVE-2019-7327

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 30