ZoneMinder up to 1.32.2 controlcap.php newControl[MinTiltRange] cross site scripting


A vulnerability classified as problematic has been found in ZoneMinder up to 1.32.2 (Video Surveillance Software). Affected is an unknown function of the file skins/classic/views/controlcap.php. Upgrading to version 1.32.3 eliminates this vulnerability.

Field | 18/02/2019 09:39 | 11/05/2020 08:18
type | Video Surveillance Software | Video Surveillance Software
name | ZoneMinder | ZoneMinder
version | <=1.32.2 | <=1.32.2
file | skins/classic/views/controlcap.php | skins/classic/views/controlcap.php
argument | newControl[MinTiltRange] | newControl[MinTiltRange]
input_type | Parameter | Parameter
cwe | 79 (cross site scripting) | 79 (cross site scripting)
risk | 1 | 1
cvss2_vuldb_basescore | 4.3 | 4.3
cvss2_vuldb_tempscore | 3.7 | 3.7
cvss2_vuldb_av | N | N
cvss2_vuldb_ac | M | M
cvss2_vuldb_au | N | N
cvss2_vuldb_ci | N | N
cvss2_vuldb_ii | P | P
cvss2_vuldb_ai | N | N
cvss2_nvd_av | N | N
cvss2_nvd_ac | M | M
cvss2_nvd_au | N | N
cvss2_nvd_ci | N | N
cvss2_nvd_ii | P | P
cvss2_nvd_ai | N | N
cvss3_meta_basescore | 5.2 | 5.2
cvss3_meta_tempscore | 4.9 | 4.9
cvss3_vuldb_basescore | 4.3 | 4.3
cvss3_vuldb_tempscore | 4.1 | 4.1
cvss3_vuldb_av | N | N
cvss3_vuldb_ac | L | L
cvss3_vuldb_pr | N | N
cvss3_vuldb_ui | R | R
cvss3_vuldb_s | U | U
cvss3_vuldb_c | N | N
cvss3_vuldb_i | L | L
cvss3_vuldb_a | N | N
cvss3_nvd_av | N | N
cvss3_nvd_ac | L | L
cvss3_nvd_pr | N | N
cvss3_nvd_ui | R | R
cvss3_nvd_s | C | C
cvss3_nvd_c | L | L
cvss3_nvd_i | L | L
cvss3_nvd_a | N | N
date | 1550448000 (18/02/2019) | 1550448000 (18/02/2019)
price_0day | $0-$5k | $0-$5k
name | Upgrade | Upgrade
upgrade_version | 1.32.3 | 1.32.3
cve | CVE-2019-8426 | CVE-2019-8426
cve_assigned | 1550361600 | 1550361600
cve_nvd_summary | skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. | skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
seealso | 130963 130962 130961 130959 130958 130957 | 130963 130962 130961 130959 130958 130957
cvss2_vuldb_e | ND | ND
cvss2_vuldb_rl | OF | OF
cvss2_vuldb_rc | ND | ND
cvss3_vuldb_e | X | X
cvss3_vuldb_rl | O | O
cvss3_vuldb_rc | X | X
0day_days | 42 | 42
cvss3_nvd_basescore | 6.1 | 6.1
discoverydate | 1546819200
