CVE-2019-6990

Published: Jan 28, 2019

Modified: Sep 16, 2024

PUBLISHED

Description

A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a

x_refsource_MISC

https://github.com/ZoneMinder/zoneminder/issues/2444

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-6990

Description

Affected Products

References