Security Advisory

CVE-2017-7203

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-03-21 06:21:00

Last updated 2024-08-05 15:56:35

Assigner mitre

State PUBLISHED

Description

A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

← Browse all CVEs View on cve.org ↗