CVE-2019-7352

Name of the Vulnerable Software and Affected Versions ZoneMinder versions prior to 1.32.4

Description A Self-Stored Cross Site Scripting (XSS) issue exists due to the lack of input validation in the 'New State' field, allowing an attacker to execute HTML or JavaScript code.

Recommendations For versions prior to 1.32.4, update to version 1.32.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the state.php view to minimize the risk of exploitation. Avoid using the newState field in the affected view until the issue is resolved.