CVE-2019-7329

Name of the Vulnerable Software and Affected Versions ZoneMinder versions prior to 1.32.4

Description A Reflected Cross Site Scripting (XSS) issue exists due to the insecure use of $ SERVER['PHP SELF'] in the form action on multiple views. This mishandles arbitrary input appended to the webroot URL, leading to XSS, as there is no proper filtration of the input.

Recommendations For versions prior to 1.32.4, update to version 1.32.4 or later to resolve the issue. As a temporary workaround, consider implementing proper input filtration for the $ SERVER['PHP SELF'] variable to prevent XSS attacks.