Candidate: CVE-2020-25729
PublicDate: 2020-09-17 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729
 https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413
 https://forums.zoneminder.com/viewforum.php?f=1
 https://github.com/ZoneMinder/zoneminder/releases/tag/1.34.21
Description:
 ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php
 or export.php.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]


Patches_zoneminder:
upstream_zoneminder: released (1.34.21-1)
precise/esm_zoneminder: DNE
trusty_zoneminder: ignored (out of standard support)
trusty/esm_zoneminder: DNE
xenial_zoneminder: ignored (end of standard support, was needs-triage)
bionic_zoneminder: DNE
focal_zoneminder: needs-triage
groovy_zoneminder: not-affected (1.34.21-1ubuntu1)
hirsute_zoneminder: not-affected (1.34.21-1ubuntu1)
impish_zoneminder: not-affected (1.34.21-1ubuntu1)
jammy_zoneminder: not-affected (1.34.21-1ubuntu1)
devel_zoneminder: not-affected (1.34.21-1ubuntu1)