CVE-2019-7335

Description

Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.

How to fix CVE-2019-7335

To remediate CVE-2019-7335, upgrade the affected package to a fixed version below.

Debian/zoneminder—upgrade to 1.34.6-1 or later

Is CVE-2019-7335 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.34.6-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2019-7335