CVE-2019-7335

Priority
Description
Self-stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker
to execute HTML or JavaScript code in the view 'log' as it insecurely
prints the 'Log Message' value on the web page without applying any proper
filtration. This relates to the view=logs value.
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 20.04 LTS (Focal Fossa): needed
Ubuntu 20.10 (Groovy Gorilla): needed
Patches:
Upstream: https://github.com/ZoneMinder/zoneminder/commit/255806bd549392114af4306422cd23445e843259
Upstream: https://github.com/ZoneMinder/zoneminder/commit/9d6091e27146e1e8abacbd732d697dbd2ccc3126
More Information

Updated: 2020-07-28 18:58:42 UTC (commit 7b6828437fde0509248708fcdb5b0f7587b85bd1)