PT-2024-30527 · Unknown+2 · Zoneminder+2

Connortechnology

Published

2024-08-12

Updated

2024-09-18

CVE-2024-43359

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions ZoneMinder versions prior to 1.36.34 ZoneMinder versions prior to 1.37.61

Description ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters.

Recommendations For versions prior to 1.36.34, update to version 1.36.34 or later. For versions prior to 1.37.61, update to version 1.37.61 or later. As a temporary workaround, consider restricting access to the montagereview feature until a patch is applied. Avoid using the displayinterval, speed, and scale parameters in the montagereview feature until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2024-12153

ALT-PU-2024-12804

CVE-2024-43359

GHSA-PJJM-3QXP-6HJ8

Affected Products

Alt Linux

Debian

Zoneminder

PT-2024-30527 · Unknown+2 · Zoneminder+2

CVE-2024-43359

Weakness Enumeration

Related Identifiers

Affected Products

References · 15