CVE-2019-7337

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-7337

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7337.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-7337

Related

UBUNTU-CVE-2019-7337

Published

2019-02-04T19:29:00Z

Modified

2025-02-26T05:48:31.414661Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.

References

Affected packages

Debian:11 / zoneminder

Package

Name: zoneminder
Purl: pkg:deb/debian/zoneminder?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.34.6-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / zoneminder

Package

Name: zoneminder
Purl: pkg:deb/debian/zoneminder?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.34.6-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / zoneminder

Package

Name: zoneminder
Purl: pkg:deb/debian/zoneminder?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.34.6-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/zoneminder/zoneminder

Affected ranges

Type: GIT
Repo: https://github.com/zoneminder/zoneminder
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

077c643da0975a75a46255d5be1a1a2aeae62069

Affected versions

1.*

1.30.1-rc.1

1.30.2

1.30.2-rc.1

1.30.3

1.30.4

1.32.0

1.32.1

1.32.2

1.32.3

v1.*

v1.25

v1.26-beta.1

v1.26-beta.2

v1.26-beta.3

v1.26.0

v1.26.1

v1.26.2

v1.26.3

v1.26.4

v1.26.5

v1.27.0

v1.28.0

v1.29.0

v1.29.0-rc1

v1.29.0-rc2

v1.30.0

v1.30.0-rc1

v1.30.0-rc2