Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/385694?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "type": "apk", "namespace": "alpine", "name": "zoneminder", "version": "1.36.7-r0", "qualifiers": { "arch": "x86", "distroversion": "v3.18", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.36.31-r0", "latest_non_vulnerable_version": "1.36.33-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94237?format=api", "vulnerability_id": "VCID-11zt-rw3z-87gx", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58087", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.581", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58056", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2441" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7333", "reference_id": "CVE-2019-7333", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7333" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7333" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11zt-rw3z-87gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94256?format=api", "vulnerability_id": "VCID-23ug-uzth-tybf", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2475" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7352", "reference_id": "CVE-2019-7352", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7352" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7352" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23ug-uzth-tybf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94249?format=api", "vulnerability_id": "VCID-3zrk-nztf-nqfd", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46498", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46374", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46415", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46435", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46383", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46439", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46463", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46434", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46444", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46501", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2468" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7345", "reference_id": "CVE-2019-7345", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7345" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7345" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zrk-nztf-nqfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94229?format=api", "vulnerability_id": "VCID-4zbd-b8b7-tfa4", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56014", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55949", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.5597", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55948", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55999", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56013", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55975", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56011", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2450" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7325", "reference_id": "CVE-2019-7325", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7325" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7325" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbd-b8b7-tfa4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94240?format=api", "vulnerability_id": "VCID-5ba3-bxk1-pbht", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7336" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2457" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7336", "reference_id": "CVE-2019-7336", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7336" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7336" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ba3-bxk1-pbht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94246?format=api", "vulnerability_id": "VCID-6mdb-h6fb-c7d6", "summary": "POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7342", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55722", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55744", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55561", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55673", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55695", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55674", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55725", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55728", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55737", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55717", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.557", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5574", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2461" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7342", "reference_id": "CVE-2019-7342", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7342" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7342" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mdb-h6fb-c7d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94247?format=api", "vulnerability_id": "VCID-6xnz-k4kg-eqhd", "summary": "Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58087", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.581", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58056", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2464" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7343", "reference_id": "CVE-2019-7343", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7343" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7343" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xnz-k4kg-eqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94244?format=api", "vulnerability_id": "VCID-7x1r-12y1-ekfk", "summary": "POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58087", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.581", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58056", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2462" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7340", "reference_id": "CVE-2019-7340", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7340" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7340" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7x1r-12y1-ekfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94255?format=api", "vulnerability_id": "VCID-819t-uxvx-gkdd", "summary": "Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7351", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48516", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48559", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48443", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4848", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48502", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48455", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48509", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48505", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48528", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48501", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48513", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48563", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7351" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2466" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7351", "reference_id": "CVE-2019-7351", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7351" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7351" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-819t-uxvx-gkdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94235?format=api", "vulnerability_id": "VCID-8uu9-g2r8-nyep", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named \"signal check color\" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56014", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55949", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.5597", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55948", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55999", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56013", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55975", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56011", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2451" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7331", "reference_id": "CVE-2019-7331", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7331" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7331" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8uu9-g2r8-nyep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94216?format=api", "vulnerability_id": "VCID-8vh1-pk4c-63hz", "summary": "A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50555", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50577", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50438", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50495", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50522", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50475", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50529", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50526", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50567", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50544", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50573", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001", "reference_id": "921001", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6990", "reference_id": "CVE-2019-6990", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6990" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-6990" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vh1-pk4c-63hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94254?format=api", "vulnerability_id": "VCID-a7us-wjek-2yc5", "summary": "Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7350", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54483", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54506", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54375", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54453", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54476", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54444", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54497", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54491", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54502", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54485", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54464", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54503", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7350" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2471" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7350", "reference_id": "CVE-2019-7350", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:N" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7350" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7350" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7us-wjek-2yc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94273?format=api", "vulnerability_id": "VCID-afd6-2uyx-qubh", "summary": "ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8423", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53823", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53843", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53715", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53735", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53786", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53834", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53818", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53802", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53839", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8423" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8423" }, { "reference_url": "https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewseventsphp-line-44-sql-injection", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewseventsphp-line-44-sql-injection" }, { "reference_url": "https://www.seebug.org/vuldb/ssvid-97761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.seebug.org/vuldb/ssvid-97761" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8423", "reference_id": "CVE-2019-8423", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8423" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-8423" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afd6-2uyx-qubh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94214?format=api", "vulnerability_id": "VCID-cccj-wgfh-3fg4", "summary": "An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53907", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53926", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53799", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53819", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53846", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53871", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53868", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53916", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53899", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53883", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53921", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777" }, { "reference_url": "https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2436" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375", "reference_id": "920375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6777", "reference_id": "CVE-2019-6777", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6777" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-6777" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cccj-wgfh-3fg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94232?format=api", "vulnerability_id": "VCID-dk87-j5dz-6bed", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58225", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.5825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58104", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58236", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58258", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58235", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58247", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7328" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2449" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7328", "reference_id": "CVE-2019-7328", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7328" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7328" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk87-j5dz-6bed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94217?format=api", "vulnerability_id": "VCID-dpp2-3t2d-d3e4", "summary": "A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.9003", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90032", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89973", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89975", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89987", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90008", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90022", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90016", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90031", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2478" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/pull/2482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/pull/2482" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000", "reference_id": "921000", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6991", "reference_id": "CVE-2019-6991", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6991" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-6991" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dpp2-3t2d-d3e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94236?format=api", "vulnerability_id": "VCID-dz5v-tqce-a7ew", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7332", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58225", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.5825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58104", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58236", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58258", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58235", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58247", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2442" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7332", "reference_id": "CVE-2019-7332", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7332" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7332" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dz5v-tqce-a7ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94239?format=api", "vulnerability_id": "VCID-edec-sj6n-n7d7", "summary": "Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2453" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7335", "reference_id": "CVE-2019-7335", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7335" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7335" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edec-sj6n-n7d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94243?format=api", "vulnerability_id": "VCID-fnhr-cs7k-gkeu", "summary": "POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7339" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2460" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7339", "reference_id": "CVE-2019-7339", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7339" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7339" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnhr-cs7k-gkeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94218?format=api", "vulnerability_id": "VCID-g1r5-fbsj-n3dr", "summary": "A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53922", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53942", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53814", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53833", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53861", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53835", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53887", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53885", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53932", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53914", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53898", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53936", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6992" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2445", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2445" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999", "reference_id": "920999", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6992", "reference_id": "CVE-2019-6992", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6992" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-6992" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g1r5-fbsj-n3dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93954?format=api", "vulnerability_id": "VCID-hpah-sv5y-8bde", "summary": "Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49438", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49466", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49493", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49446", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49501", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49496", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49513", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49485", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49488", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49534", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49533", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49503", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-13072" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpah-sv5y-8bde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94245?format=api", "vulnerability_id": "VCID-jmdh-m4ty-gqch", "summary": "Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58087", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.581", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58056", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2463", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7341", "reference_id": "CVE-2019-7341", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7341" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7341" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmdh-m4ty-gqch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94230?format=api", "vulnerability_id": "VCID-kgpe-97pr-suee", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56014", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55949", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.5597", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55948", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55999", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56013", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55975", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56011", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7326" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2452" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7326", "reference_id": "CVE-2019-7326", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7326" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7326" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgpe-97pr-suee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94251?format=api", "vulnerability_id": "VCID-p916-xnk3-rkce", "summary": "A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67436", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67425", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67313", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67349", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67372", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.6735", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67401", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67414", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67435", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67389", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2476" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7347", "reference_id": "CVE-2019-7347", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7347" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7347" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p916-xnk3-rkce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94233?format=api", "vulnerability_id": "VCID-pr1z-g8aw-tqez", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7329", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55969", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55994", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55817", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55929", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55951", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.5598", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55983", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55993", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55973", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55955", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55991", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2446" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7329", "reference_id": "CVE-2019-7329", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7329" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7329" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1z-g8aw-tqez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94234?format=api", "vulnerability_id": "VCID-qn8h-k43x-p7cs", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58225", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.5825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58104", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58236", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58258", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58235", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58247", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2448" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7330", "reference_id": "CVE-2019-7330", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7330" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7330" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qn8h-k43x-p7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94242?format=api", "vulnerability_id": "VCID-qxmt-szsx-y7a8", "summary": "Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2454" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7338", "reference_id": "CVE-2019-7338", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7338" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7338" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxmt-szsx-y7a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94252?format=api", "vulnerability_id": "VCID-qxtk-taxx-1kde", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7348", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5182", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51839", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51688", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51738", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51764", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51779", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51776", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51826", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51805", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5179", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51832", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7348" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2467" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7348", "reference_id": "CVE-2019-7348", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7348" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7348" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxtk-taxx-1kde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94241?format=api", "vulnerability_id": "VCID-t5fd-hvgs-sue7", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55219", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55239", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55074", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55175", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55199", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55174", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55223", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55235", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55216", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55236", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7337" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2456" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7337", "reference_id": "CVE-2019-7337", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7337" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7337" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5fd-hvgs-sue7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94253?format=api", "vulnerability_id": "VCID-ug2b-2eg5-jfbb", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7349", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2465" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7349", "reference_id": "CVE-2019-7349", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7349" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7349" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ug2b-2eg5-jfbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94248?format=api", "vulnerability_id": "VCID-ukjs-5za3-xqdb", "summary": "Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7344", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2455", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2455" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7344", "reference_id": "CVE-2019-7344", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7344" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7344" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukjs-5za3-xqdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94231?format=api", "vulnerability_id": "VCID-wdng-puzu-5kah", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58225", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.5825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58104", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58236", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58258", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58235", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58247", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7327" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2447" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7327", "reference_id": "CVE-2019-7327", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7327" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7327" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdng-puzu-5kah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94250?format=api", "vulnerability_id": "VCID-xj45-xv47-ruhe", "summary": "A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a \"Try again\" button, which allows resending the failed request, making the CSRF attack successful.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7346", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39153", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39241", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3925", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39273", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39247", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39263", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39274", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39236", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39218", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39271", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2469" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7346", "reference_id": "CVE-2019-7346", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7346" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7346" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xj45-xv47-ruhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94238?format=api", "vulnerability_id": "VCID-y3vt-x7b1-4yer", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7334", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7334" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2443" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7334", "reference_id": "CVE-2019-7334", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2019-7334" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3vt-x7b1-4yer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94515?format=api", "vulnerability_id": "VCID-yxpy-5fmj-cbb7", "summary": "ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67069", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67106", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.6713", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67104", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67154", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67167", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67172", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67141", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67175", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67189", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67169", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385694?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" } ], "aliases": [ "CVE-2020-25729" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yxpy-5fmj-cbb7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86&distroversion=v3.18&reponame=community" }