Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder
Vulnerability Description
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the "view=log" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
ZoneMinder 跨站脚本漏洞
Vulnerability Description
ZoneMinder是一套开源的视频监控软件系统。该系统支持IP、USB和模拟摄像机等。 ZoneMinder 1.36.26及之前版本、1.37.23及之前版本存在跨站脚本漏洞,该漏洞源于缺少输入验证,攻击者利用该漏洞可以执行代码。
CVSS Information
N/A
Vulnerability Type
N/A