2019-02-04 19:00:00
mitre
PUBLISHED
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER[PHP_SELF] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.