Unknown · Zoneminder · CVE-2024-43359
**Name of the Vulnerable Software and Affected Versions**
ZoneMinder versions prior to 1.36.34
ZoneMinder versions prior to 1.37.61
**Description**
ZoneMinder has a cross-site scripting vulnerability in the montagereview feature, reachable via the `displayinterval`, `speed`, and `scale` parameters.
**Recommendations**
For versions prior to 1.36.34, update to version 1.36.34 or later.
For versions prior to 1.37.61, update to version 1.37.61 or later.
As a temporary workaround, consider restricting access to the montagereview feature until a patch is applied.
Avoid using the `displayinterval`, `speed`, and `scale` parameters in the montagereview feature until the issue is resolved.
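
While the update is being rolled out, web server access logs can be reviewed for montagereview requests that carry unexpected values in the three parameters. The script below is an added example, not code from the advisory or from the ZoneMinder project. It assumes the feature is requested as `view=montagereview` in the query string, that legitimate values are plain decimal numbers, and that the log uses the combined access-log format; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory for CVE-2024-43359.
WATCHED = ("displayinterval", "speed", "scale")
# Assumption: legitimate values are plain decimal numbers.
NUMERIC = re.compile(r"\d+(\.\d+)?")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return {param: value} for watched montagereview parameters that are not numeric."""
    m = REQUEST.search(log_line)
    if not m:
        return {}
    # parse_qs percent-decodes values, so encoded characters are checked decoded.
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    # Assumption: the feature is selected with view=montagereview.
    if "montagereview" not in query.get("view", []):
        return {}
    hits = {}
    for name in WATCHED:
        for value in query.get(name, []):
            if not NUMERIC.fullmatch(value):
                hits[name] = value
    return hits

# Constructed sample entries (not taken from a real system).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /zm/index.php?view=montagereview&speed=1&scale=0.5&displayinterval=1000 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2025:10:02:11 +0000] "GET /zm/index.php?view=montagereview&speed=1%22x&scale=1 HTTP/1.1" 200 5140',
    '198.51.100.9 - - [01/Jan/2025:10:03:40 +0000] "GET /zm/index.php?view=console&scale=abc HTTP/1.1" 200 900',
]

def triage(lines):
    """Return (line_number, findings) for every entry worth a closer look."""
    return [(i, f) for i, line in enumerate(lines, 1) if (f := suspicious_params(line))]

if __name__ == "__main__":
    for lineno, findings in triage(SAMPLE_LOG):
        print(lineno, findings)
```

Only values sent in the query string appear in access logs, so parameters submitted in a request body are not covered by this check.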