CVE-2019-7336

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-7336

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7336.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-7336

Downstream

DEBIAN-CVE-2019-7336

UBUNTU-CVE-2019-7336

Published

2019-02-04T19:29:00.850Z

Modified

2025-11-14T09:57:44.348073Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view monitorfilters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.

References

https://github.com/ZoneMinder/zoneminder/issues/2457

Affected packages

Git / github.com/zoneminder/zoneminder

Affected ranges

Type: GIT
Repo: https://github.com/zoneminder/zoneminder
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

077c643da0975a75a46255d5be1a1a2aeae62069

Affected versions

1.*

1.30.1-rc.1

1.30.2

1.30.2-rc.1

1.30.3

1.30.4

1.32.0

1.32.1

1.32.2

1.32.3

v1.*

v1.25

v1.26-beta.1

v1.26-beta.2

v1.26-beta.3

v1.26.0

v1.26.1

v1.26.2

v1.26.3

v1.26.4

v1.26.5

v1.27.0

v1.28.0

v1.29.0

v1.29.0-rc1

v1.29.0-rc2

v1.30.0

v1.30.0-rc1

v1.30.0-rc2