CVE-2019-7338

Name of the Vulnerable Software and Affected Versions ZoneMinder versions prior to 1.32.4

Description A Self-Stored XSS issue exists, allowing an attacker to execute HTML or JavaScript code in the 'group' view. This occurs because the 'Group Name' value is printed on the web page without proper filtration, enabling the execution of malicious code.

Recommendations For ZoneMinder versions prior to 1.32.4, update to version 1.32.4 or later to resolve the issue. As a temporary workaround, consider disabling the printing of the 'Group Name' value in the 'group' view until a patch is available. Restrict access to the 'group' view to minimize the risk of exploitation.