CVE-2019-7331

Priority
Description
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through
1.32.3 while editing an existing monitor field named "signal check color"
(monitor.php). There exists no input validation or output filtration,
leaving it vulnerable to HTML Injection and an XSS attack.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):needed
Ubuntu 20.10 (Groovy Gorilla):needed
Patches:
Upstream:https://github.com/ZoneMinder/zoneminder/commit/254b7286b4d2654b95080a175c44195667e42ea8
More Information

Updated: 2020-07-28 18:58:42 UTC (commit 7b6828437fde0509248708fcdb5b0f7587b85bd1)