PT-2019-18550 · Zoneminder+1
Loginsoft-Research · Published 2019-02-04 · Updated 2020-02-17 · CVE-2019-7345
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ZoneMinder versions prior to 1.33
Description
A Self-Stored Cross-Site Scripting (XSS) issue exists due to the lack of input validation for the WEB TITLE, HOME URL, HOME CONTENT, or WEB CONSOLE BANNER values in the 'options' view (options.php), allowing an attacker to execute HTML or JavaScript code. This issue relates to the functions.php file.
Recommendations
For ZoneMinder versions prior to 1.33, update to a version that includes input validation for the WEB TITLE, HOME URL, HOME CONTENT, and WEB CONSOLE BANNER values to prevent XSS attacks. As a temporary workaround, consider restricting access to the 'options' view (options.php) until a patch is available.
Exploit
Fix
XSS
Affected products
Alt Linux
Zoneminder