CVE-2023-25825

CVSS V2 None CVSS V3 None
Description
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33.
Overview
  • CVE ID
  • CVE-2023-25825
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-25T01:15:56
  • Last Modified Date
  • 2023-03-07T17:12:50
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:* 1 OR 1.36.33
cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:* 1 OR 1.37.0 1.37.33
History
Created Old Value New Value Data Type Notes
2023-04-17 05:26:43 Added to TrackCVE
2023-04-17 05:26:46 Weakness Enumeration new