PT-2024-30526 · Unknown+2 · Zoneminder+2
Connortechnology
·
Published
2024-08-12
·
Updated
2024-09-18
·
CVE-2024-43358
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ZoneMinder versions prior to 1.36.34
ZoneMinder versions prior to 1.37.61
Description
ZoneMinder has a cross-site scripting vulnerability in the filter view via the
filter[Id]. This issue allows for potential malicious script execution.Recommendations
For versions prior to 1.36.34, update to version 1.36.34 or later.
For versions prior to 1.37.61, update to version 1.37.61 or later.
As a temporary workaround, consider restricting access to the filter view until a patch is applied. Avoid using the
filter[Id] parameter in the affected filter view to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Zoneminder