ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.
{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.34.21"
}
]
}