VYPR
Unrated severityOSV Advisory· Published Feb 4, 2019· Updated Sep 17, 2024

CVE-2019-7337

CVE-2019-7337

Description

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zoneminder/ZoneminderOSV2 versions
    1.32.3, v1.25, v1.26.0, …+ 1 more
    • (no CPE)range: 1.32.3, v1.25, v1.26.0, …
    • (no CPE)range: <=1.32.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.