CVE-2024-43359

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*
cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

History

04 Sep 2024, 21:43

Type Values Removed Values Added
First Time Zoneminder zoneminder
Zoneminder
CVSS v2 : unknown
v3 : 0.0
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*
References () https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af - () https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af - Patch
References () https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2 - () https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2 - Patch
References () https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8 - () https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8 - Third Party Advisory

13 Aug 2024, 12:58

Type Values Removed Values Added
Summary
  • (es) ZoneMinder es una aplicación de software de circuito cerrado de televisión de código abierto y gratuita. ZoneMinder tiene una vulnerabilidad de cross site scripting en la revisión del montaje a través de los parámetros de intervalo de visualización, velocidad y escala. Esta vulnerabilidad se solucionó en 1.36.34 y 1.37.61.

12 Aug 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 21:15

Updated : 2024-09-04 21:43


NVD link : CVE-2024-43359

Mitre link : CVE-2024-43359

CVE.ORG link : CVE-2024-43359


JSON object : View

Products Affected

zoneminder

  • zoneminder
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')