CVE-2019-7344

Name of the Vulnerable Software and Affected Versions ZoneMinder versions prior to 1.32.4

Description A reflected XSS issue exists, allowing an attacker to execute HTML or JavaScript code in the 'filter' view. This occurs because the filter[Name] value is insecurely printed on the web page without proper filtration.

Recommendations For versions prior to 1.32.4, update to version 1.32.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'filter' view until a patch is available. Avoid using the filter[Name] value in the affected view until the issue is resolved.