CVE-2019-7331

Name of the Vulnerable Software and Affected Versions ZoneMinder versions prior to 1.32.4

Description A Self-Stored Cross Site Scripting (XSS) issue exists when editing an existing monitor field named "signal check color" in monitor.php. The lack of input validation and output filtration makes it vulnerable to HTML Injection and an XSS attack.

Recommendations For ZoneMinder versions prior to 1.32.4, update to version 1.32.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the monitor.php page, specifically the "signal check color" field, until a patch is applied. Avoid using the vulnerable field until the issue is resolved.