UBUNTU-CVE-2019-7352

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-7352

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-7352.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2019-7352

Related

CVE-2019-7352

Published

2019-02-04T19:29:00Z

Modified

2025-04-23T15:06:45Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.

References

Affected packages

Ubuntu:20.04:LTS / zoneminder

Package

Name: zoneminder
Purl: pkg:deb/ubuntu/zoneminder@1.32.3-2ubuntu2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.32.3-2build1

1.32.3-2ubuntu1

1.32.3-2ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / zoneminder

Package

Name: zoneminder
Purl: pkg:deb/ubuntu/zoneminder@1.36.12+dfsg1-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36.7+dfsg1-1

1.36.10+dfsg1-1

1.36.11+dfsg1-1

1.36.12+dfsg1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / zoneminder

Package

Name: zoneminder
Purl: pkg:deb/ubuntu/zoneminder@1.36.33+dfsg1-1ubuntu1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36.33+dfsg1-1build4

1.36.33+dfsg1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / zoneminder

Package

Name: zoneminder
Purl: pkg:deb/ubuntu/zoneminder@1.36.33+dfsg1-1build4?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36.33+dfsg1-1build1

1.36.33+dfsg1-1build2

1.36.33+dfsg1-1build3

1.36.33+dfsg1-1build4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / zoneminder

Package

Name: zoneminder
Purl: pkg:deb/ubuntu/zoneminder@1.36.35+dfsg1-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36.33+dfsg1-1ubuntu1

1.36.33+dfsg1-1ubuntu2

1.36.35+dfsg1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}