Vulnerability Description
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 are vulnerable to cross-site scripting (XSS). Log entries containing a malicious referrer field can be injected into the database logs. The field is not escaped when the logs are viewed in the web UI. This issue is patched in version 1.36.33.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zoneminder | Zoneminder | < 1.36.33 |
Related Weaknesses (CWE)
References
- https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f563 (Patch)
- https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4 (Patch)
- https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a (Patch)
- https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v (Exploit, Patch, Vendor Advisory)
FAQ
What is CVE-2023-25825?
CVE-2023-25825 is a vulnerability with a CVSS score of 7.7 (HIGH). ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 are vulnerable to cross-site scripting (XSS). ...
How severe is CVE-2023-25825?
CVE-2023-25825 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-25825?
Check the references section above for vendor advisories and patch information. Affected products include: Zoneminder Zoneminder.