Candidate: CVE-2019-7338
PublicDate: 2019-02-04 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338
 https://github.com/ZoneMinder/zoneminder/issues/2454
Description:
 Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker
 to execute HTML or JavaScript code in the view 'group' as it insecurely
 prints the 'Group Name' value on the web page without applying any proper
 filtration.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]


Patches_zoneminder:
 upstream: https://github.com/ZoneMinder/zoneminder/commit/7b0ee8a6a22576b66c341ee6f09668852769cbb6
upstream_zoneminder: needs-triage
precise/esm_zoneminder: DNE
trusty_zoneminder: ignored (reached end-of-life)
trusty/esm_zoneminder: DNE (trusty was needs-triage)
xenial_zoneminder: ignored (end of standard support, was needed)
bionic_zoneminder: DNE
cosmic_zoneminder: ignored (reached end-of-life)
disco_zoneminder: ignored (reached end-of-life)
eoan_zoneminder: ignored (reached end-of-life)
focal_zoneminder: needed
groovy_zoneminder: ignored (reached end-of-life)
hirsute_zoneminder: ignored (reached end-of-life)
impish_zoneminder: needed
jammy_zoneminder: needed
devel_zoneminder: needed