Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

Type deb

Namespace debian

Name zoneminder

Version 1.36.33+dfsg1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.36.35+dfsg1-1

Latest_non_vulnerable_version 1.36.37+dfsg1-1

Affected_by_vulnerabilities

url VCID-3xuk-942c-kkbf

vulnerability_id VCID-3xuk-942c-kkbf

summary ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43359

reference_id

reference_type

scores

value	0.00262
scoring_system	epss
scoring_elements	0.49564
published_at	2026-04-18T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49533
published_at	2026-04-08T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49529
published_at	2026-04-09T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49546
published_at	2026-04-11T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49518
published_at	2026-04-12T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.4952
published_at	2026-04-13T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49567
published_at	2026-04-16T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49499
published_at	2026-04-02T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49526
published_at	2026-04-04T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49478
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43359

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43359
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43359

reference_url

https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af

reference_id

6cc64dddff6144a98680f65ecf8dc249028431af

reference_type

scores

value	0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/

url

https://github.com/ZoneMinder/zoneminder/commit/6cc64dddff6144a98680f65ecf8dc249028431af

reference_url

https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2

reference_id

b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2

reference_type

scores

value	0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/

url

https://github.com/ZoneMinder/zoneminder/commit/b51c5df0cb869ca48fccfc6e6fd7c19bf717ecd2

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8

reference_id

GHSA-pjjm-3qxp-6hj8

reference_type

scores

value	0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:03:34Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-pjjm-3qxp-6hj8

fixed_packages

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2024-43359

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xuk-942c-kkbf

url VCID-4mfm-zzrx-6ffb

vulnerability_id VCID-4mfm-zzrx-6ffb

summary ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43358

reference_id

reference_type

scores

value	0.01323
scoring_system	epss
scoring_elements	0.79917
published_at	2026-04-18T12:55:00Z

value	0.01323
scoring_system	epss
scoring_elements	0.79856
published_at	2026-04-07T12:55:00Z

value	0.01323
scoring_system	epss
scoring_elements	0.79885
published_at	2026-04-08T12:55:00Z

value	0.01323
scoring_system	epss
scoring_elements	0.79892
published_at	2026-04-09T12:55:00Z

value	0.01323
scoring_system	epss
scoring_elements	0.79912
published_at	2026-04-11T12:55:00Z

value	0.01323
scoring_system	epss
scoring_elements	0.79895
published_at	2026-04-12T12:55:00Z

value	0.01323
scoring_system	epss
scoring_elements	0.79888
published_at	2026-04-13T12:55:00Z

value	0.01323
scoring_system	epss
scoring_elements	0.79847
published_at	2026-04-02T12:55:00Z

value	0.01323
scoring_system	epss
scoring_elements	0.79868
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43358

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43358
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43358

reference_url

https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77

reference_id

062cf568a33fb6a8604ec327b1de8bb2e0d1ff77

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/

url

https://github.com/ZoneMinder/zoneminder/commit/062cf568a33fb6a8604ec327b1de8bb2e0d1ff77

reference_url

https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0

reference_id

4602cd0470a3b90b18bcc44b3c86d963872d1ba0

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/

url

https://github.com/ZoneMinder/zoneminder/commit/4602cd0470a3b90b18bcc44b3c86d963872d1ba0

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f

reference_id

GHSA-6rrw-66rf-6g5f

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T13:39:31Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6rrw-66rf-6g5f

fixed_packages

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2024-43358

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mfm-zzrx-6ffb

url VCID-7x51-uyq2-9qax

vulnerability_id VCID-7x51-uyq2-9qax

summary ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-41884

reference_id

reference_type

scores

value	0.00359
scoring_system	epss
scoring_elements	0.58151
published_at	2026-04-18T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58144
published_at	2026-04-08T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58148
published_at	2026-04-09T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58163
published_at	2026-04-11T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.5814
published_at	2026-04-12T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.5812
published_at	2026-04-13T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58094
published_at	2026-04-02T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58115
published_at	2026-04-04T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.5809
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-41884

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41884
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41884

reference_url

https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a

reference_id

677f6a31551f128554f7b0110a52fd76453a657a

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/

url

https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a

reference_url

https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6

reference_id

a194fe81d34c5eea2ab1dc18dc8df615fca634a6

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/

url

https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96

reference_id

GHSA-2qp3-fwpv-mc96

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T17:33:59Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-2qp3-fwpv-mc96

fixed_packages

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2023-41884

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7x51-uyq2-9qax

url VCID-mdkd-vmcp-afa8

vulnerability_id VCID-mdkd-vmcp-afa8

summary ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43360

reference_id

reference_type

scores

value	0.62094
scoring_system	epss
scoring_elements	0.98347
published_at	2026-04-09T12:55:00Z

value	0.62094
scoring_system	epss
scoring_elements	0.9835
published_at	2026-04-13T12:55:00Z

value	0.62094
scoring_system	epss
scoring_elements	0.98337
published_at	2026-04-02T12:55:00Z

value	0.62094
scoring_system	epss
scoring_elements	0.98339
published_at	2026-04-04T12:55:00Z

value	0.62094
scoring_system	epss
scoring_elements	0.98341
published_at	2026-04-07T12:55:00Z

value	0.63252
scoring_system	epss
scoring_elements	0.98405
published_at	2026-04-18T12:55:00Z

value	0.63252
scoring_system	epss
scoring_elements	0.98407
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43360

reference_url

https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a

reference_id

677f6a31551f128554f7b0110a52fd76453a657a

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/

url

https://github.com/ZoneMinder/zoneminder/commit/677f6a31551f128554f7b0110a52fd76453a657a

reference_url

https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6

reference_id

a194fe81d34c5eea2ab1dc18dc8df615fca634a6

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/

url

https://github.com/ZoneMinder/zoneminder/commit/a194fe81d34c5eea2ab1dc18dc8df615fca634a6

reference_url

https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397

reference_id

bb07118118e23b5670c2c18be8be2cc6b8529397

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/

url

https://github.com/ZoneMinder/zoneminder/commit/bb07118118e23b5670c2c18be8be2cc6b8529397

reference_url

https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5

reference_id

de8f387207e9c506e8e8007eda725741a25601c5

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/

url

https://github.com/ZoneMinder/zoneminder/commit/de8f387207e9c506e8e8007eda725741a25601c5

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj

reference_id

GHSA-9cmr-7437-v9fj

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-15T18:53:18Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj

fixed_packages

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2024-43360

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdkd-vmcp-afa8

Fixing_vulnerabilities

url VCID-11zt-rw3z-87gx

vulnerability_id VCID-11zt-rw3z-87gx

summary Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7333

reference_id

reference_type

scores

value	0.00358
scoring_system	epss
scoring_elements	0.58087
published_at	2026-04-18T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58056
published_at	2026-04-13T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.57943
published_at	2026-04-01T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58027
published_at	2026-04-02T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.5805
published_at	2026-04-04T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58025
published_at	2026-04-07T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.5808
published_at	2026-04-08T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58083
published_at	2026-04-09T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.581
published_at	2026-04-11T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58077
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7333

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2441
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2441

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7333

reference_id

CVE-2019-7333

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7333

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7333

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-11zt-rw3z-87gx

url VCID-1b3u-17mt-5qfe

vulnerability_id VCID-1b3u-17mt-5qfe

summary ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-51482

reference_id

reference_type

scores

value	0.53071
scoring_system	epss
scoring_elements	0.97945
published_at	2026-04-02T12:55:00Z

value	0.53071
scoring_system	epss
scoring_elements	0.97954
published_at	2026-04-08T12:55:00Z

value	0.53071
scoring_system	epss
scoring_elements	0.97949
published_at	2026-04-07T12:55:00Z

value	0.53071
scoring_system	epss
scoring_elements	0.97946
published_at	2026-04-04T12:55:00Z

value	0.549
scoring_system	epss
scoring_elements	0.98055
published_at	2026-04-18T12:55:00Z

value	0.549
scoring_system	epss
scoring_elements	0.98043
published_at	2026-04-09T12:55:00Z

value	0.549
scoring_system	epss
scoring_elements	0.98048
published_at	2026-04-11T12:55:00Z

value	0.549
scoring_system	epss
scoring_elements	0.98049
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-51482

reference_url

https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f

reference_id

9e7d31841ed9678a7dd06869037686fc9925e59f

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-31T19:38:43Z/

url

https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3

reference_id

GHSA-qm8h-3xvf-m7j3

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-31T19:38:43Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3

fixed_packages

url	pkg:deb/debian/zoneminder@0?distro=trixie
purl	pkg:deb/debian/zoneminder@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@0%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2024-51482

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1b3u-17mt-5qfe

url VCID-23ug-uzth-tybf

vulnerability_id VCID-23ug-uzth-tybf

summary Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7352

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55842
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55838
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55661
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55772
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55795
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55775
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55826
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55829
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55818
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.558
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7352

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2475
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2475

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7352

reference_id

CVE-2019-7352

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7352

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7352

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23ug-uzth-tybf

url VCID-35hj-x1e2-eug1

vulnerability_id VCID-35hj-x1e2-eug1

summary ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-8428

reference_id

reference_type

scores

value	0.00329
scoring_system	epss
scoring_elements	0.55887
published_at	2026-04-18T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55882
published_at	2026-04-16T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55707
published_at	2026-04-01T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.5582
published_at	2026-04-02T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55843
published_at	2026-04-04T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55821
published_at	2026-04-07T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55872
published_at	2026-04-08T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55875
published_at	2026-04-09T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55885
published_at	2026-04-11T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55865
published_at	2026-04-12T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55846
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-8428

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8428
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8428

reference_url	https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli
reference_id
reference_type
scores
url	https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli

reference_url	https://www.seebug.org/vuldb/ssvid-97765
reference_id
reference_type
scores
url	https://www.seebug.org/vuldb/ssvid-97765

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-8428

reference_id

CVE-2019-8428

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-8428

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-8428

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35hj-x1e2-eug1

url VCID-3zrk-nztf-nqfd

vulnerability_id VCID-3zrk-nztf-nqfd

summary Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7345

reference_id

reference_type

scores

value	0.00235
scoring_system	epss
scoring_elements	0.46498
published_at	2026-04-18T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46501
published_at	2026-04-16T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46374
published_at	2026-04-01T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46415
published_at	2026-04-02T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46435
published_at	2026-04-04T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46383
published_at	2026-04-07T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46439
published_at	2026-04-09T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46463
published_at	2026-04-11T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46434
published_at	2026-04-12T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46444
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2468
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2468

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7345

reference_id

CVE-2019-7345

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7345

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7345

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3zrk-nztf-nqfd

url VCID-4qtk-7myx-vfcd

vulnerability_id VCID-4qtk-7myx-vfcd

summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26035

reference_id

reference_type

scores

value	0.55722
scoring_system	epss
scoring_elements	0.98074
published_at	2026-04-02T12:55:00Z

value	0.55722
scoring_system	epss
scoring_elements	0.98078
published_at	2026-04-04T12:55:00Z

value	0.55722
scoring_system	epss
scoring_elements	0.98079
published_at	2026-04-07T12:55:00Z

value	0.55722
scoring_system	epss
scoring_elements	0.98083
published_at	2026-04-08T12:55:00Z

value	0.55722
scoring_system	epss
scoring_elements	0.98084
published_at	2026-04-09T12:55:00Z

value	0.55722
scoring_system	epss
scoring_elements	0.98089
published_at	2026-04-12T12:55:00Z

value	0.55722
scoring_system	epss
scoring_elements	0.9809
published_at	2026-04-13T12:55:00Z

value	0.55722
scoring_system	epss
scoring_elements	0.98095
published_at	2026-04-16T12:55:00Z

value	0.55722
scoring_system	epss
scoring_elements	0.98097
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26035

fixed_packages

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2023-26035

risk_score 1.0

exploitability 2.0

weighted_severity 0.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4qtk-7myx-vfcd

url VCID-4zbd-b8b7-tfa4

vulnerability_id VCID-4zbd-b8b7-tfa4

summary Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7325

reference_id

reference_type

scores

value	0.0033
scoring_system	epss
scoring_elements	0.56014
published_at	2026-04-18T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56011
published_at	2026-04-16T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-01T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55949
published_at	2026-04-02T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.5597
published_at	2026-04-04T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55948
published_at	2026-04-07T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55999
published_at	2026-04-08T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56002
published_at	2026-04-09T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56013
published_at	2026-04-11T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55993
published_at	2026-04-12T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55975
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7325

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2450
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2450

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7325

reference_id

CVE-2019-7325

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7325

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7325

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbd-b8b7-tfa4

url VCID-578u-3ew5-qyh5

vulnerability_id VCID-578u-3ew5-qyh5

summary Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.

references

reference_url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912
reference_id
reference_type
scores
url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0332

reference_id

reference_type

scores

value	0.31131
scoring_system	epss
scoring_elements	0.96765
published_at	2026-04-18T12:55:00Z

value	0.31131
scoring_system	epss
scoring_elements	0.96725
published_at	2026-04-01T12:55:00Z

value	0.31131
scoring_system	epss
scoring_elements	0.96735
published_at	2026-04-02T12:55:00Z

value	0.31131
scoring_system	epss
scoring_elements	0.96736
published_at	2026-04-04T12:55:00Z

value	0.31131
scoring_system	epss
scoring_elements	0.96741
published_at	2026-04-07T12:55:00Z

value	0.31131
scoring_system	epss
scoring_elements	0.96748
published_at	2026-04-08T12:55:00Z

value	0.31131
scoring_system	epss
scoring_elements	0.96749
published_at	2026-04-09T12:55:00Z

value	0.31131
scoring_system	epss
scoring_elements	0.96752
published_at	2026-04-12T12:55:00Z

value	0.31131
scoring_system	epss
scoring_elements	0.96755
published_at	2026-04-13T12:55:00Z

value	0.31131
scoring_system	epss
scoring_elements	0.96761
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0332

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0332

reference_url	http://www.debian.org/security/2013/dsa-2640
reference_id
reference_type
scores
url	http://www.debian.org/security/2013/dsa-2640

reference_url	http://www.openwall.com/lists/oss-security/2013/02/21/8
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2013/02/21/8

reference_url	http://www.openwall.com/lists/oss-security/2013/02/21/9
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2013/02/21/9

reference_url	http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979
reference_id
reference_type
scores
url	http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979

reference_url	http://www.zoneminder.com/wiki/index.php/Change_History
reference_id
reference_type
scores
url	http://www.zoneminder.com/wiki/index.php/Change_History

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912
reference_id	700912
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.24.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.24.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0332

reference_id

CVE-2013-0332

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0332

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17593.txt
reference_id	OSVDB-74198;CVE-2013-0332
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17593.txt

fixed_packages

url	pkg:deb/debian/zoneminder@1.25.0-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.25.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.25.0-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2013-0332

risk_score 9.0

exploitability 2.0

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-578u-3ew5-qyh5

url VCID-5ba3-bxk1-pbht

vulnerability_id VCID-5ba3-bxk1-pbht

summary Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7336

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55842
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55838
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55661
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55772
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55795
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55775
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55826
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55829
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55818
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.558
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7336

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2457
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2457

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7336

reference_id

CVE-2019-7336

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7336

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7336

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ba3-bxk1-pbht

url VCID-619e-k5cr-nyap

vulnerability_id VCID-619e-k5cr-nyap

summary Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-3881

reference_id

reference_type

scores

value	0.00285
scoring_system	epss
scoring_elements	0.52029
published_at	2026-04-18T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51871
published_at	2026-04-01T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51919
published_at	2026-04-02T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51946
published_at	2026-04-04T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.5191
published_at	2026-04-07T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51964
published_at	2026-04-08T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51963
published_at	2026-04-09T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52015
published_at	2026-04-11T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51997
published_at	2026-04-12T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.51981
published_at	2026-04-13T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52023
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-3881

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3881
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3881

reference_url	http://secunia.com/advisories/31636
reference_id
reference_type
scores
url	http://secunia.com/advisories/31636

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44725
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44725

reference_url	http://www.securityfocus.com/archive/1/495745/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/495745/100/0/threaded

reference_url	http://www.securityfocus.com/bid/30843
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/30843

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497640
reference_id	497640
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497640

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.0.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.10:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.11:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.12:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.13:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.14:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.15:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.16:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.7:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.8:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.9:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.17.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.17.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.17.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.18.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.18.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.4:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.5:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.20.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.4:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.23.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.23.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.23.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-3881

reference_id

CVE-2008-3881

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2008-3881

fixed_packages

url	pkg:deb/debian/zoneminder@1.24.1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.24.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.24.1-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2008-3881

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-619e-k5cr-nyap

url VCID-643r-dxjk-63d2

vulnerability_id VCID-643r-dxjk-63d2

summary zoneminder: command injection, SQL injection and multiple XSS issues (CVE-2008-3882, CVE-2008-3880, CVE-2008-3881)

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3880.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3880.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-3880

reference_id

reference_type

scores

value	0.00422
scoring_system	epss
scoring_elements	0.6212
published_at	2026-04-18T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.61944
published_at	2026-04-01T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62015
published_at	2026-04-07T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62047
published_at	2026-04-04T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62065
published_at	2026-04-08T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62083
published_at	2026-04-09T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62103
published_at	2026-04-11T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62093
published_at	2026-04-12T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62072
published_at	2026-04-13T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62115
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-3880

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3880
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3880

reference_url	http://secunia.com/advisories/31636
reference_id
reference_type
scores
url	http://secunia.com/advisories/31636

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44726
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44726

reference_url	http://www.securityfocus.com/archive/1/495745/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/495745/100/0/threaded

reference_url	http://www.securityfocus.com/bid/30843
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/30843

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=460280
reference_id	460280
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=460280

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497640
reference_id	497640
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497640

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.0.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.10:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.11:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.12:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.13:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.14:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.15:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.16:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.7:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.8:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.9:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.17.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.17.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.17.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.18.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.18.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.4:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.5:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.20.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.4:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.23.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.23.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.23.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-3880

reference_id

CVE-2008-3880

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2008-3880

fixed_packages

url	pkg:deb/debian/zoneminder@1.24.1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.24.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.24.1-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2008-3880

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-643r-dxjk-63d2

url VCID-64wa-wgn6-nub8

vulnerability_id VCID-64wa-wgn6-nub8

summary ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-6756

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11464
published_at	2026-04-01T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11591
published_at	2026-04-02T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11645
published_at	2026-04-04T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11434
published_at	2026-04-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.1152
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11579
published_at	2026-04-09T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.1159
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11555
published_at	2026-04-12T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.1153
published_at	2026-04-13T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11389
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-6756

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6756
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6756

fixed_packages

url	pkg:deb/debian/zoneminder@1.22.3-5?distro=trixie
purl	pkg:deb/debian/zoneminder@1.22.3-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.22.3-5%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2008-6756

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64wa-wgn6-nub8

url VCID-694p-mbsg-e7f6

vulnerability_id VCID-694p-mbsg-e7f6

summary Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5367

reference_id

reference_type

scores

value	0.00492
scoring_system	epss
scoring_elements	0.65556
published_at	2026-04-01T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65604
published_at	2026-04-02T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65634
published_at	2026-04-04T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.656
published_at	2026-04-07T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65652
published_at	2026-04-08T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65664
published_at	2026-04-09T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65684
published_at	2026-04-11T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.6567
published_at	2026-04-12T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65641
published_at	2026-04-13T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65676
published_at	2026-04-16T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65689
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5367

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733
reference_id	854733
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733

fixed_packages

url	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.30.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2017-5367

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-694p-mbsg-e7f6

url VCID-6mdb-h6fb-c7d6

vulnerability_id VCID-6mdb-h6fb-c7d6

summary POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7342

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55744
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5574
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55561
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55673
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55695
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55674
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55725
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55728
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55737
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55717
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.557
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7342

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2461
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2461

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7342

reference_id

CVE-2019-7342

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7342

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7342

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6mdb-h6fb-c7d6

url VCID-6xnz-k4kg-eqhd

vulnerability_id VCID-6xnz-k4kg-eqhd

summary Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7343

reference_id

reference_type

scores

value	0.00358
scoring_system	epss
scoring_elements	0.58087
published_at	2026-04-18T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58056
published_at	2026-04-13T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.57943
published_at	2026-04-01T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58027
published_at	2026-04-02T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.5805
published_at	2026-04-04T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58025
published_at	2026-04-07T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.5808
published_at	2026-04-08T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58083
published_at	2026-04-09T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.581
published_at	2026-04-11T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58077
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7343

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2464
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2464

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7343

reference_id

CVE-2019-7343

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7343

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7343

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xnz-k4kg-eqhd

url VCID-7vc9-wfjb-t3ba

vulnerability_id VCID-7vc9-wfjb-t3ba

summary ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the "view=log" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39285

reference_id

reference_type

scores

value	0.01852
scoring_system	epss
scoring_elements	0.83044
published_at	2026-04-18T12:55:00Z

value	0.01852
scoring_system	epss
scoring_elements	0.83001
published_at	2026-04-09T12:55:00Z

value	0.01852
scoring_system	epss
scoring_elements	0.83017
published_at	2026-04-11T12:55:00Z

value	0.01852
scoring_system	epss
scoring_elements	0.83011
published_at	2026-04-12T12:55:00Z

value	0.01852
scoring_system	epss
scoring_elements	0.83006
published_at	2026-04-13T12:55:00Z

value	0.01852
scoring_system	epss
scoring_elements	0.83045
published_at	2026-04-16T12:55:00Z

value	0.01852
scoring_system	epss
scoring_elements	0.82959
published_at	2026-04-02T12:55:00Z

value	0.01852
scoring_system	epss
scoring_elements	0.82972
published_at	2026-04-04T12:55:00Z

value	0.01852
scoring_system	epss
scoring_elements	0.82969
published_at	2026-04-07T12:55:00Z

value	0.01852
scoring_system	epss
scoring_elements	0.82994
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39285

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39285
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39285

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
reference_id	1021565
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565

reference_url

https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d

reference_id

c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/

url

https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51071.py
reference_id	CVE-2022-39291;CVE-2022-39290;CVE-2022-39285
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51071.py

reference_url

https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59

reference_id

d289eb48601a76e34feea3c1683955337b1fae59

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/

url

https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433

reference_id

GHSA-h6xp-cvwv-q433

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433

reference_url

http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html

reference_id

Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/

url

http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html

fixed_packages

url	pkg:deb/debian/zoneminder@1.36.31%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.31%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.31%252Bdfsg1-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2022-39285

risk_score 10.0

exploitability 2.0

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7vc9-wfjb-t3ba

url VCID-7x1r-12y1-ekfk

vulnerability_id VCID-7x1r-12y1-ekfk

summary POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7340

reference_id

reference_type

scores

value	0.00358
scoring_system	epss
scoring_elements	0.58087
published_at	2026-04-18T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58056
published_at	2026-04-13T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.57943
published_at	2026-04-01T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58027
published_at	2026-04-02T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.5805
published_at	2026-04-04T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58025
published_at	2026-04-07T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.5808
published_at	2026-04-08T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58083
published_at	2026-04-09T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.581
published_at	2026-04-11T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58077
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7340

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2462
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2462

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7340

reference_id

CVE-2019-7340

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7340

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7340

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7x1r-12y1-ekfk

url VCID-8uu9-g2r8-nyep

vulnerability_id VCID-8uu9-g2r8-nyep

summary Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7331

reference_id

reference_type

scores

value	0.0033
scoring_system	epss
scoring_elements	0.56014
published_at	2026-04-18T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56011
published_at	2026-04-16T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-01T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55949
published_at	2026-04-02T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.5597
published_at	2026-04-04T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55948
published_at	2026-04-07T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55999
published_at	2026-04-08T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56002
published_at	2026-04-09T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56013
published_at	2026-04-11T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55993
published_at	2026-04-12T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55975
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2451
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2451

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7331

reference_id

CVE-2019-7331

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7331

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7331

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8uu9-g2r8-nyep

url VCID-8vh1-pk4c-63hz

vulnerability_id VCID-8vh1-pk4c-63hz

summary A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6990

reference_id

reference_type

scores

value	0.0027
scoring_system	epss
scoring_elements	0.50577
published_at	2026-04-18T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50573
published_at	2026-04-16T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50438
published_at	2026-04-01T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50495
published_at	2026-04-02T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50522
published_at	2026-04-04T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50475
published_at	2026-04-07T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50529
published_at	2026-04-13T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50526
published_at	2026-04-09T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50567
published_at	2026-04-11T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50544
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6990

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990

reference_url	https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2444
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2444

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001
reference_id	921001
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6990

reference_id

CVE-2019-6990

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6990

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
purl	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-6990

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vh1-pk4c-63hz

url VCID-95ub-6q5w-p3cm

vulnerability_id VCID-95ub-6q5w-p3cm

summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26039

reference_id

reference_type

scores

value	0.05839
scoring_system	epss
scoring_elements	0.90558
published_at	2026-04-18T12:55:00Z

value	0.05839
scoring_system	epss
scoring_elements	0.90559
published_at	2026-04-16T12:55:00Z

value	0.05839
scoring_system	epss
scoring_elements	0.90504
published_at	2026-04-02T12:55:00Z

value	0.05839
scoring_system	epss
scoring_elements	0.90514
published_at	2026-04-04T12:55:00Z

value	0.05839
scoring_system	epss
scoring_elements	0.9052
published_at	2026-04-07T12:55:00Z

value	0.05839
scoring_system	epss
scoring_elements	0.90533
published_at	2026-04-08T12:55:00Z

value	0.05839
scoring_system	epss
scoring_elements	0.90539
published_at	2026-04-09T12:55:00Z

value	0.05839
scoring_system	epss
scoring_elements	0.90547
published_at	2026-04-12T12:55:00Z

value	0.05839
scoring_system	epss
scoring_elements	0.90541
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26039

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26039
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26039

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g

reference_id

GHSA-44q8-h2pw-cc9g

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:56:57Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g

fixed_packages

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2023-26039

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ub-6q5w-p3cm

url VCID-9kh5-715y-pud4

vulnerability_id VCID-9kh5-715y-pud4

summary ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39290

reference_id

reference_type

scores

value	0.04003
scoring_system	epss
scoring_elements	0.88445
published_at	2026-04-18T12:55:00Z

value	0.04003
scoring_system	epss
scoring_elements	0.88434
published_at	2026-04-12T12:55:00Z

value	0.04003
scoring_system	epss
scoring_elements	0.88433
published_at	2026-04-13T12:55:00Z

value	0.04003
scoring_system	epss
scoring_elements	0.88448
published_at	2026-04-16T12:55:00Z

value	0.04003
scoring_system	epss
scoring_elements	0.88392
published_at	2026-04-02T12:55:00Z

value	0.04003
scoring_system	epss
scoring_elements	0.88401
published_at	2026-04-04T12:55:00Z

value	0.04003
scoring_system	epss
scoring_elements	0.88405
published_at	2026-04-07T12:55:00Z

value	0.04003
scoring_system	epss
scoring_elements	0.88425
published_at	2026-04-08T12:55:00Z

value	0.04003
scoring_system	epss
scoring_elements	0.88431
published_at	2026-04-09T12:55:00Z

value	0.04003
scoring_system	epss
scoring_elements	0.88442
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39290

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
reference_id	1021565
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565

reference_url

https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d

reference_id

c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/

url

https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q

reference_id

GHSA-xgv6-qv6c-399q

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q

reference_url

http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html

reference_id

Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/

url

http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html

fixed_packages

url	pkg:deb/debian/zoneminder@1.36.31%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.31%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.31%252Bdfsg1-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2022-39290

risk_score 10.0

exploitability 2.0

weighted_severity 7.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kh5-715y-pud4

url VCID-9rr3-tdb4-1kdm

vulnerability_id VCID-9rr3-tdb4-1kdm

summary ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000832

reference_id

reference_type

scores

value	0.0816
scoring_system	epss
scoring_elements	0.92151
published_at	2026-04-01T12:55:00Z

value	0.0816
scoring_system	epss
scoring_elements	0.92158
published_at	2026-04-02T12:55:00Z

value	0.0816
scoring_system	epss
scoring_elements	0.92164
published_at	2026-04-04T12:55:00Z

value	0.0816
scoring_system	epss
scoring_elements	0.92167
published_at	2026-04-07T12:55:00Z

value	0.0816
scoring_system	epss
scoring_elements	0.92179
published_at	2026-04-08T12:55:00Z

value	0.0816
scoring_system	epss
scoring_elements	0.92182
published_at	2026-04-09T12:55:00Z

value	0.0816
scoring_system	epss
scoring_elements	0.92187
published_at	2026-04-11T12:55:00Z

value	0.0816
scoring_system	epss
scoring_elements	0.92188
published_at	2026-04-12T12:55:00Z

value	0.0816
scoring_system	epss
scoring_elements	0.92184
published_at	2026-04-13T12:55:00Z

value	0.0816
scoring_system	epss
scoring_elements	0.92194
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000832

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000832
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000832

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024
reference_id	917024
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024

fixed_packages

url	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
purl	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2018-1000832

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9rr3-tdb4-1kdm

url VCID-aqfu-4m9a-hbd4

vulnerability_id VCID-aqfu-4m9a-hbd4

summary A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7203

reference_id

reference_type

scores

value	0.00283
scoring_system	epss
scoring_elements	0.51767
published_at	2026-04-18T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51761
published_at	2026-04-16T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51622
published_at	2026-04-01T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51673
published_at	2026-04-02T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51698
published_at	2026-04-04T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51659
published_at	2026-04-07T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51713
published_at	2026-04-08T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51709
published_at	2026-04-09T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51758
published_at	2026-04-11T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51736
published_at	2026-04-12T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.5172
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7203

reference_url	https://github.com/ZoneMinder/ZoneMinder/issues/1797
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/ZoneMinder/issues/1797

reference_url	http://www.securityfocus.com/bid/97001
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97001

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858329
reference_id	858329
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858329

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.30.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.30.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.30.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7203

reference_id

CVE-2017-7203

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7203

fixed_packages

url	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.30.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2017-7203

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aqfu-4m9a-hbd4

url VCID-cccj-wgfh-3fg4

vulnerability_id VCID-cccj-wgfh-3fg4

summary An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6777

reference_id

reference_type

scores

value	0.00307
scoring_system	epss
scoring_elements	0.53926
published_at	2026-04-18T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53921
published_at	2026-04-16T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53799
published_at	2026-04-01T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53819
published_at	2026-04-07T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53846
published_at	2026-04-04T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53871
published_at	2026-04-08T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53868
published_at	2026-04-09T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53916
published_at	2026-04-11T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53899
published_at	2026-04-12T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53883
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777

reference_url	https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41
reference_id
reference_type
scores
url	https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2436
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2436

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375
reference_id	920375
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.32.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.32.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.32.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6777

reference_id

CVE-2019-6777

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6777

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
purl	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-6777

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cccj-wgfh-3fg4

url VCID-ce64-m9xt-wkec

vulnerability_id VCID-ce64-m9xt-wkec

summary ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-6755

reference_id

reference_type

scores

value	0.00208
scoring_system	epss
scoring_elements	0.43099
published_at	2026-04-01T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43158
published_at	2026-04-02T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43185
published_at	2026-04-04T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43123
published_at	2026-04-07T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43176
published_at	2026-04-08T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43189
published_at	2026-04-09T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.4321
published_at	2026-04-11T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43177
published_at	2026-04-12T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43162
published_at	2026-04-13T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43221
published_at	2026-04-16T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43211
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-6755

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6755
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6755

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528252
reference_id	528252
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528252

fixed_packages

url	pkg:deb/debian/zoneminder@1.24.1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.24.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.24.1-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2008-6755

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ce64-m9xt-wkec

url VCID-d117-rhnc-rkhf

vulnerability_id VCID-d117-rhnc-rkhf

summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26034

reference_id

reference_type

scores

value	0.02352
scoring_system	epss
scoring_elements	0.84925
published_at	2026-04-18T12:55:00Z

value	0.02352
scoring_system	epss
scoring_elements	0.84924
published_at	2026-04-16T12:55:00Z

value	0.02352
scoring_system	epss
scoring_elements	0.84842
published_at	2026-04-02T12:55:00Z

value	0.02352
scoring_system	epss
scoring_elements	0.8486
published_at	2026-04-04T12:55:00Z

value	0.02352
scoring_system	epss
scoring_elements	0.84861
published_at	2026-04-07T12:55:00Z

value	0.02352
scoring_system	epss
scoring_elements	0.84884
published_at	2026-04-08T12:55:00Z

value	0.02352
scoring_system	epss
scoring_elements	0.84891
published_at	2026-04-09T12:55:00Z

value	0.02352
scoring_system	epss
scoring_elements	0.8491
published_at	2026-04-11T12:55:00Z

value	0.02352
scoring_system	epss
scoring_elements	0.84908
published_at	2026-04-12T12:55:00Z

value	0.02352
scoring_system	epss
scoring_elements	0.84902
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26034

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26034
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26034

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx

reference_id

GHSA-222j-wh8m-xjrx

reference_type

scores

value	9.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:00:55Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx

fixed_packages

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2023-26034

risk_score 4.3

exploitability 0.5

weighted_severity 8.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d117-rhnc-rkhf

url VCID-dk87-j5dz-6bed

vulnerability_id VCID-dk87-j5dz-6bed

summary Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7328

reference_id

reference_type

scores

value	0.00361
scoring_system	epss
scoring_elements	0.5825
published_at	2026-04-18T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58247
published_at	2026-04-16T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58104
published_at	2026-04-01T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58189
published_at	2026-04-02T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58209
published_at	2026-04-04T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58182
published_at	2026-04-07T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58236
published_at	2026-04-08T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58241
published_at	2026-04-09T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58258
published_at	2026-04-11T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58235
published_at	2026-04-12T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58216
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7328

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2449
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2449

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7328

reference_id

CVE-2019-7328

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7328

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7328

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dk87-j5dz-6bed

url VCID-dp5c-4aaa-uyaq

vulnerability_id VCID-dp5c-4aaa-uyaq

summary A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5595

reference_id

reference_type

scores

value	0.00208
scoring_system	epss
scoring_elements	0.43164
published_at	2026-04-01T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43221
published_at	2026-04-02T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43249
published_at	2026-04-04T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43188
published_at	2026-04-07T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43239
published_at	2026-04-08T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43251
published_at	2026-04-09T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43273
published_at	2026-04-11T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43241
published_at	2026-04-12T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43225
published_at	2026-04-13T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43286
published_at	2026-04-16T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43275
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5595

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5595
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5595

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733
reference_id	854733
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733

fixed_packages

url	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.30.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2017-5595

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dp5c-4aaa-uyaq

url VCID-dpp2-3t2d-d3e4

vulnerability_id VCID-dpp2-3t2d-d3e4

summary A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6991

reference_id

reference_type

scores

value	0.05293
scoring_system	epss
scoring_elements	0.90032
published_at	2026-04-18T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90031
published_at	2026-04-16T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89973
published_at	2026-04-01T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89975
published_at	2026-04-02T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89987
published_at	2026-04-04T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89993
published_at	2026-04-07T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90008
published_at	2026-04-08T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90014
published_at	2026-04-09T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90023
published_at	2026-04-11T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90022
published_at	2026-04-12T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90016
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2478
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2478

reference_url	https://github.com/ZoneMinder/zoneminder/pull/2482
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/pull/2482

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000
reference_id	921000
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6991

reference_id

CVE-2019-6991

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6991

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
purl	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-6991

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dpp2-3t2d-d3e4

url VCID-dz5v-tqce-a7ew

vulnerability_id VCID-dz5v-tqce-a7ew

summary Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7332

reference_id

reference_type

scores

value	0.00361
scoring_system	epss
scoring_elements	0.5825
published_at	2026-04-18T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58247
published_at	2026-04-16T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58104
published_at	2026-04-01T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58189
published_at	2026-04-02T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58209
published_at	2026-04-04T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58182
published_at	2026-04-07T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58236
published_at	2026-04-08T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58241
published_at	2026-04-09T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58258
published_at	2026-04-11T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58235
published_at	2026-04-12T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58216
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7332

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2442
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2442

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7332

reference_id

CVE-2019-7332

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7332

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7332

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dz5v-tqce-a7ew

url VCID-edec-sj6n-n7d7

vulnerability_id VCID-edec-sj6n-n7d7

summary Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7335

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55842
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55838
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55661
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55772
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55795
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55775
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55826
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55829
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55818
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.558
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2453
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2453

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7335

reference_id

CVE-2019-7335

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7335

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7335

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-edec-sj6n-n7d7

url VCID-f9wt-f98j-ekeh

vulnerability_id VCID-f9wt-f98j-ekeh

summary Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10202

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.50914
published_at	2026-04-01T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50968
published_at	2026-04-02T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50993
published_at	2026-04-04T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50951
published_at	2026-04-07T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51008
published_at	2026-04-08T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51004
published_at	2026-04-09T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51047
published_at	2026-04-11T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51026
published_at	2026-04-12T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51009
published_at	2026-04-13T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51046
published_at	2026-04-16T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51053
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10202

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272
reference_id	854272
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272

fixed_packages

url	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.30.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2016-10202

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f9wt-f98j-ekeh

url VCID-fnhr-cs7k-gkeu

vulnerability_id VCID-fnhr-cs7k-gkeu

summary POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7339

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55842
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55838
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55661
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55772
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55795
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55775
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55826
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55829
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55818
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.558
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7339

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2460
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2460

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7339

reference_id

CVE-2019-7339

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7339

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7339

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnhr-cs7k-gkeu

url VCID-fyy1-fwys-xkbj

vulnerability_id VCID-fyy1-fwys-xkbj

summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26036

reference_id

reference_type

scores

value	0.00417
scoring_system	epss
scoring_elements	0.61802
published_at	2026-04-18T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61796
published_at	2026-04-16T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61699
published_at	2026-04-02T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61729
published_at	2026-04-04T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.617
published_at	2026-04-07T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61749
published_at	2026-04-08T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61764
published_at	2026-04-09T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61786
published_at	2026-04-11T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61773
published_at	2026-04-12T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61754
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26036

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26036
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26036

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw

reference_id

GHSA-h5m9-6jjc-cgmw

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-10T21:00:52Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw

fixed_packages

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2023-26036

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fyy1-fwys-xkbj

url VCID-g1r5-fbsj-n3dr

vulnerability_id VCID-g1r5-fbsj-n3dr

summary A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6992

reference_id

reference_type

scores

value	0.00307
scoring_system	epss
scoring_elements	0.53942
published_at	2026-04-18T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53936
published_at	2026-04-16T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53814
published_at	2026-04-01T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53833
published_at	2026-04-02T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53861
published_at	2026-04-04T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53835
published_at	2026-04-07T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53887
published_at	2026-04-08T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53885
published_at	2026-04-09T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53932
published_at	2026-04-11T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53914
published_at	2026-04-12T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53898
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6992

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992

reference_url	https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2445
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2445

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999
reference_id	920999
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6992

reference_id

CVE-2019-6992

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6992

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
purl	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-6992

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g1r5-fbsj-n3dr

url VCID-hpah-sv5y-8bde

vulnerability_id VCID-hpah-sv5y-8bde

summary Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13072

reference_id

reference_type

scores

value	0.00261
scoring_system	epss
scoring_elements	0.49438
published_at	2026-04-01T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49466
published_at	2026-04-02T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49493
published_at	2026-04-04T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49446
published_at	2026-04-07T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49501
published_at	2026-04-08T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49496
published_at	2026-04-09T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49513
published_at	2026-04-11T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49485
published_at	2026-04-12T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49488
published_at	2026-04-13T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49534
published_at	2026-04-16T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49533
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13072

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-13072

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpah-sv5y-8bde

url VCID-j283-1m9p-13hn

vulnerability_id VCID-j283-1m9p-13hn

summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25825

reference_id

reference_type

scores

value	0.00297
scoring_system	epss
scoring_elements	0.53094
published_at	2026-04-18T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.52988
published_at	2026-04-07T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53039
published_at	2026-04-08T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53032
published_at	2026-04-09T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53082
published_at	2026-04-11T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53066
published_at	2026-04-12T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53049
published_at	2026-04-13T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53087
published_at	2026-04-16T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.52996
published_at	2026-04-02T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53021
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25825

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25825
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25825

reference_url

https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81

reference_id

4637eaf9ea530193e0897ec48899f5638bdd6d81

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/

url

https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81

reference_url

https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0

reference_id

57bf25d39f12d620693f26068b8441b4f3f0b6c0

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/

url

https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0

reference_url

https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308

reference_id

e1028c1d7f23cc1e0941b7b37bb6ae5a04364308

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/

url

https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v

reference_id

GHSA-68vf-g4qm-jr6v

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:53Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v

fixed_packages

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2023-25825

risk_score 3.5

exploitability 0.5

weighted_severity 6.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j283-1m9p-13hn

url VCID-jmdh-m4ty-gqch

vulnerability_id VCID-jmdh-m4ty-gqch

summary Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7341

reference_id

reference_type

scores

value	0.00358
scoring_system	epss
scoring_elements	0.58087
published_at	2026-04-18T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58056
published_at	2026-04-13T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.57943
published_at	2026-04-01T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58027
published_at	2026-04-02T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.5805
published_at	2026-04-04T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58025
published_at	2026-04-07T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.5808
published_at	2026-04-08T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58083
published_at	2026-04-09T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.581
published_at	2026-04-11T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58077
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7341

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2463
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2463

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7341

reference_id

CVE-2019-7341

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7341

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7341

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jmdh-m4ty-gqch

url VCID-jukn-h868-5ugm

vulnerability_id VCID-jukn-h868-5ugm

summary ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the "/zm/index.php" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39291

reference_id

reference_type

scores

value	0.07382
scoring_system	epss
scoring_elements	0.91694
published_at	2026-04-02T12:55:00Z

value	0.07382
scoring_system	epss
scoring_elements	0.91699
published_at	2026-04-04T12:55:00Z

value	0.07382
scoring_system	epss
scoring_elements	0.91707
published_at	2026-04-07T12:55:00Z

value	0.07382
scoring_system	epss
scoring_elements	0.9172
published_at	2026-04-08T12:55:00Z

value	0.07382
scoring_system	epss
scoring_elements	0.91727
published_at	2026-04-13T12:55:00Z

value	0.07382
scoring_system	epss
scoring_elements	0.9173
published_at	2026-04-11T12:55:00Z

value	0.07382
scoring_system	epss
scoring_elements	0.91732
published_at	2026-04-12T12:55:00Z

value	0.07382
scoring_system	epss
scoring_elements	0.91748
published_at	2026-04-16T12:55:00Z

value	0.07382
scoring_system	epss
scoring_elements	0.91741
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39291

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
reference_id	1021565
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565

reference_url

https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4

reference_id

34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/

url

https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4

reference_url

https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c

reference_id

73d9f2482cdcb238506388798d3cf92546f9e40c

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/

url

https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c

reference_url

https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b

reference_id

cb3fc5907da21a5111ae54128a5d0b49ae755e9b

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/

url

https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b

reference_url

https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408

reference_id

de2866f9574a2bf2690276fad53c91d607825408

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/

url

https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74

reference_id

GHSA-cfcx-v52x-jh74

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74

reference_url

http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html

reference_id

Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/

url

http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html

fixed_packages

url	pkg:deb/debian/zoneminder@1.36.31%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.31%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.31%252Bdfsg1-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2022-39291

risk_score 9.8

exploitability 2.0

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jukn-h868-5ugm

url VCID-kgpe-97pr-suee

vulnerability_id VCID-kgpe-97pr-suee

summary Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7326

reference_id

reference_type

scores

value	0.0033
scoring_system	epss
scoring_elements	0.56014
published_at	2026-04-18T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56011
published_at	2026-04-16T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-01T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55949
published_at	2026-04-02T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.5597
published_at	2026-04-04T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55948
published_at	2026-04-07T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55999
published_at	2026-04-08T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56002
published_at	2026-04-09T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56013
published_at	2026-04-11T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55993
published_at	2026-04-12T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55975
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7326

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2452
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2452

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7326

reference_id

CVE-2019-7326

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7326

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7326

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kgpe-97pr-suee

url VCID-kk5d-y2z8-r3g2

vulnerability_id VCID-kk5d-y2z8-r3g2

summary ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29806

reference_id

reference_type

scores

value	0.77125
scoring_system	epss
scoring_elements	0.9896
published_at	2026-04-02T12:55:00Z

value	0.77125
scoring_system	epss
scoring_elements	0.98962
published_at	2026-04-04T12:55:00Z

value	0.77125
scoring_system	epss
scoring_elements	0.98964
published_at	2026-04-07T12:55:00Z

value	0.77125
scoring_system	epss
scoring_elements	0.98966
published_at	2026-04-09T12:55:00Z

value	0.77125
scoring_system	epss
scoring_elements	0.98967
published_at	2026-04-11T12:55:00Z

value	0.77125
scoring_system	epss
scoring_elements	0.98968
published_at	2026-04-13T12:55:00Z

value	0.77125
scoring_system	epss
scoring_elements	0.9897
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29806

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.36.13%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.13%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.13%252Bdfsg1-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2022-29806

risk_score 1.4

exploitability 2.0

weighted_severity 0.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kk5d-y2z8-r3g2

url VCID-mk5h-586t-pyga

vulnerability_id VCID-mk5h-586t-pyga

summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26038

reference_id

reference_type

scores

value	0.00249
scoring_system	epss
scoring_elements	0.48198
published_at	2026-04-18T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48203
published_at	2026-04-16T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48124
published_at	2026-04-02T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48145
published_at	2026-04-04T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48095
published_at	2026-04-07T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48148
published_at	2026-04-08T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48143
published_at	2026-04-09T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48167
published_at	2026-04-11T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.4814
published_at	2026-04-12T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48151
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26038

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26038

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w

reference_id

GHSA-wrx3-r8c4-r24w

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:50Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w

fixed_packages

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2023-26038

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mk5h-586t-pyga

url VCID-mx9e-1cur-mqfz

vulnerability_id VCID-mx9e-1cur-mqfz

summary Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10140

reference_id

reference_type

scores

value	0.34242
scoring_system	epss
scoring_elements	0.96951
published_at	2026-04-01T12:55:00Z

value	0.34242
scoring_system	epss
scoring_elements	0.96958
published_at	2026-04-02T12:55:00Z

value	0.34242
scoring_system	epss
scoring_elements	0.96963
published_at	2026-04-04T12:55:00Z

value	0.34242
scoring_system	epss
scoring_elements	0.96966
published_at	2026-04-07T12:55:00Z

value	0.34242
scoring_system	epss
scoring_elements	0.96974
published_at	2026-04-08T12:55:00Z

value	0.34242
scoring_system	epss
scoring_elements	0.96975
published_at	2026-04-09T12:55:00Z

value	0.34242
scoring_system	epss
scoring_elements	0.96978
published_at	2026-04-11T12:55:00Z

value	0.34242
scoring_system	epss
scoring_elements	0.96979
published_at	2026-04-12T12:55:00Z

value	0.34242
scoring_system	epss
scoring_elements	0.9698
published_at	2026-04-13T12:55:00Z

value	0.34242
scoring_system	epss
scoring_elements	0.96988
published_at	2026-04-16T12:55:00Z

value	0.34242
scoring_system	epss
scoring_elements	0.96991
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10140

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851710
reference_id	851710
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851710

fixed_packages

url	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.30.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2016-10140

risk_score 0.1

exploitability 0.5

weighted_severity 0.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mx9e-1cur-mqfz

url VCID-myxu-h49e-77f1

vulnerability_id VCID-myxu-h49e-77f1

summary In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-7464

reference_id

reference_type

scores

value	0.00179
scoring_system	epss
scoring_elements	0.39391
published_at	2026-04-01T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39553
published_at	2026-04-02T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39576
published_at	2026-04-04T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39491
published_at	2026-04-07T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39546
published_at	2026-04-08T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39562
published_at	2026-04-09T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39572
published_at	2026-04-11T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39534
published_at	2026-04-12T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39517
published_at	2026-04-13T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39567
published_at	2026-04-16T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.3954
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-7464

fixed_packages

url	pkg:deb/debian/zoneminder@0?distro=trixie
purl	pkg:deb/debian/zoneminder@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@0%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2013-7464

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myxu-h49e-77f1

url VCID-n8y3-5fb9-kucb

vulnerability_id VCID-n8y3-5fb9-kucb

summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26032

reference_id

reference_type

scores

value	0.00714
scoring_system	epss
scoring_elements	0.72379
published_at	2026-04-18T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.7237
published_at	2026-04-16T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72287
published_at	2026-04-02T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72306
published_at	2026-04-04T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72283
published_at	2026-04-07T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72322
published_at	2026-04-08T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72334
published_at	2026-04-09T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72357
published_at	2026-04-11T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.7234
published_at	2026-04-12T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72328
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26032

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26032
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26032

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9

reference_id

GHSA-6c72-q9mw-mwx9

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:57:37Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9

fixed_packages

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2023-26032

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8y3-5fb9-kucb

url VCID-p916-xnk3-rkce

vulnerability_id VCID-p916-xnk3-rkce

summary A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7347

reference_id

reference_type

scores

value	0.00534
scoring_system	epss
scoring_elements	0.67436
published_at	2026-04-18T12:55:00Z

value	0.00534
scoring_system	epss
scoring_elements	0.67425
published_at	2026-04-16T12:55:00Z

value	0.00534
scoring_system	epss
scoring_elements	0.67313
published_at	2026-04-01T12:55:00Z

value	0.00534
scoring_system	epss
scoring_elements	0.67349
published_at	2026-04-02T12:55:00Z

value	0.00534
scoring_system	epss
scoring_elements	0.67372
published_at	2026-04-04T12:55:00Z

value	0.00534
scoring_system	epss
scoring_elements	0.6735
published_at	2026-04-07T12:55:00Z

value	0.00534
scoring_system	epss
scoring_elements	0.67401
published_at	2026-04-08T12:55:00Z

value	0.00534
scoring_system	epss
scoring_elements	0.67414
published_at	2026-04-09T12:55:00Z

value	0.00534
scoring_system	epss
scoring_elements	0.67435
published_at	2026-04-11T12:55:00Z

value	0.00534
scoring_system	epss
scoring_elements	0.67423
published_at	2026-04-12T12:55:00Z

value	0.00534
scoring_system	epss
scoring_elements	0.67389
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7347

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2476
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2476

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7347

reference_id

CVE-2019-7347

reference_type

scores

value	6.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7347

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7347

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p916-xnk3-rkce

url VCID-pr1z-g8aw-tqez

vulnerability_id VCID-pr1z-g8aw-tqez

summary Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7329

reference_id

reference_type

scores

value	0.0033
scoring_system	epss
scoring_elements	0.55994
published_at	2026-04-18T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55991
published_at	2026-04-16T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55817
published_at	2026-04-01T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55929
published_at	2026-04-07T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55951
published_at	2026-04-04T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.5598
published_at	2026-04-08T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55983
published_at	2026-04-09T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55993
published_at	2026-04-11T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55973
published_at	2026-04-12T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55955
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2446
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2446

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7329

reference_id

CVE-2019-7329

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7329

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7329

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1z-g8aw-tqez

url VCID-qb3h-yn1c-m3cx

vulnerability_id VCID-qb3h-yn1c-m3cx

summary zoneminder: command injection via unescaped php exec() calls

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1381.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1381.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-1381

reference_id

reference_type

scores

value	0.01505
scoring_system	epss
scoring_elements	0.811
published_at	2026-04-01T12:55:00Z

value	0.01505
scoring_system	epss
scoring_elements	0.81109
published_at	2026-04-02T12:55:00Z

value	0.01505
scoring_system	epss
scoring_elements	0.81133
published_at	2026-04-04T12:55:00Z

value	0.01505
scoring_system	epss
scoring_elements	0.81132
published_at	2026-04-07T12:55:00Z

value	0.01505
scoring_system	epss
scoring_elements	0.8116
published_at	2026-04-08T12:55:00Z

value	0.01505
scoring_system	epss
scoring_elements	0.81166
published_at	2026-04-09T12:55:00Z

value	0.01505
scoring_system	epss
scoring_elements	0.81185
published_at	2026-04-11T12:55:00Z

value	0.01505
scoring_system	epss
scoring_elements	0.81171
published_at	2026-04-12T12:55:00Z

value	0.01505
scoring_system	epss
scoring_elements	0.81165
published_at	2026-04-13T12:55:00Z

value	0.01505
scoring_system	epss
scoring_elements	0.81202
published_at	2026-04-16T12:55:00Z

value	0.01505
scoring_system	epss
scoring_elements	0.81203
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-1381

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1381
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1381

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=444434
reference_id	444434
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=444434

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479034
reference_id	479034
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479034

fixed_packages

url	pkg:deb/debian/zoneminder@1.23.3-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.23.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.23.3-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2008-1381

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qb3h-yn1c-m3cx

url VCID-qcxm-vr2w-6ka7

vulnerability_id VCID-qcxm-vr2w-6ka7

summary Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-0227

reference_id

reference_type

scores

value	0.03422
scoring_system	epss
scoring_elements	0.87403
published_at	2026-04-01T12:55:00Z

value	0.03422
scoring_system	epss
scoring_elements	0.87413
published_at	2026-04-02T12:55:00Z

value	0.03422
scoring_system	epss
scoring_elements	0.87427
published_at	2026-04-04T12:55:00Z

value	0.03422
scoring_system	epss
scoring_elements	0.87428
published_at	2026-04-07T12:55:00Z

value	0.03422
scoring_system	epss
scoring_elements	0.87446
published_at	2026-04-08T12:55:00Z

value	0.03422
scoring_system	epss
scoring_elements	0.87453
published_at	2026-04-09T12:55:00Z

value	0.03422
scoring_system	epss
scoring_elements	0.87465
published_at	2026-04-11T12:55:00Z

value	0.03422
scoring_system	epss
scoring_elements	0.8746
published_at	2026-04-12T12:55:00Z

value	0.03422
scoring_system	epss
scoring_elements	0.87457
published_at	2026-04-13T12:55:00Z

value	0.03422
scoring_system	epss
scoring_elements	0.87471
published_at	2026-04-16T12:55:00Z

value	0.03422
scoring_system	epss
scoring_elements	0.87473
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-0227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0227

fixed_packages

url	pkg:deb/debian/zoneminder@1.22.3-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.22.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.22.3-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2004-0227

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qcxm-vr2w-6ka7

url VCID-qn8h-k43x-p7cs

vulnerability_id VCID-qn8h-k43x-p7cs

summary Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7330

reference_id

reference_type

scores

value	0.00361
scoring_system	epss
scoring_elements	0.5825
published_at	2026-04-18T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58247
published_at	2026-04-16T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58104
published_at	2026-04-01T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58189
published_at	2026-04-02T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58209
published_at	2026-04-04T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58182
published_at	2026-04-07T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58236
published_at	2026-04-08T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58241
published_at	2026-04-09T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58258
published_at	2026-04-11T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58235
published_at	2026-04-12T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58216
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2448
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2448

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7330

reference_id

CVE-2019-7330

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7330

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7330

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qn8h-k43x-p7cs

url VCID-qs2j-ektc-2kf9

vulnerability_id VCID-qs2j-ektc-2kf9

summary skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-8426

reference_id

reference_type

scores

value	0.0033
scoring_system	epss
scoring_elements	0.55998
published_at	2026-04-18T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55995
published_at	2026-04-16T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55821
published_at	2026-04-01T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55933
published_at	2026-04-07T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55955
published_at	2026-04-04T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55984
published_at	2026-04-08T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55987
published_at	2026-04-09T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55997
published_at	2026-04-11T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55977
published_at	2026-04-12T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.55959
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-8426

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8426
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8426

reference_url	https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss
reference_id
reference_type
scores
url	https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss

reference_url	https://www.seebug.org/vuldb/ssvid-97766
reference_id
reference_type
scores
url	https://www.seebug.org/vuldb/ssvid-97766

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-8426

reference_id

CVE-2019-8426

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-8426

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-8426

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qs2j-ektc-2kf9

url VCID-qxmt-szsx-y7a8

vulnerability_id VCID-qxmt-szsx-y7a8

summary Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7338

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55842
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55838
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55661
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55772
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55795
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55775
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55826
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55829
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55818
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.558
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7338

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2454
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2454

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7338

reference_id

CVE-2019-7338

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7338

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7338

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxmt-szsx-y7a8

url VCID-qxtk-taxx-1kde

vulnerability_id VCID-qxtk-taxx-1kde

summary Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7348

reference_id

reference_type

scores

value	0.00284
scoring_system	epss
scoring_elements	0.51839
published_at	2026-04-18T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51832
published_at	2026-04-16T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51688
published_at	2026-04-01T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51738
published_at	2026-04-02T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51764
published_at	2026-04-04T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51725
published_at	2026-04-07T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51779
published_at	2026-04-08T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51776
published_at	2026-04-09T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51826
published_at	2026-04-11T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51805
published_at	2026-04-12T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.5179
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7348

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2467
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2467

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7348

reference_id

CVE-2019-7348

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7348

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7348

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxtk-taxx-1kde

url VCID-r3pj-815v-uubu

vulnerability_id VCID-r3pj-815v-uubu

summary Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25730

reference_id

reference_type

scores

value	0.00255
scoring_system	epss
scoring_elements	0.4889
published_at	2026-04-18T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48815
published_at	2026-04-02T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48893
published_at	2026-04-16T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48776
published_at	2026-04-01T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.4884
published_at	2026-04-04T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48795
published_at	2026-04-07T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48849
published_at	2026-04-08T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48845
published_at	2026-04-09T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48861
published_at	2026-04-11T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48835
published_at	2026-04-12T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48844
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25730

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25730
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25730

reference_url

https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413

reference_id

9268db14a79c4ccd444c2bf8d24e62b13207b413

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:46:50Z/

url

https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.21-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.21-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2020-25730

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r3pj-815v-uubu

url VCID-r4zz-6j52-cue5

vulnerability_id VCID-r4zz-6j52-cue5

summary Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10203

reference_id

reference_type

scores

value	0.00326
scoring_system	epss
scoring_elements	0.55467
published_at	2026-04-01T12:55:00Z

value	0.00326
scoring_system	epss
scoring_elements	0.55579
published_at	2026-04-02T12:55:00Z

value	0.00326
scoring_system	epss
scoring_elements	0.55603
published_at	2026-04-04T12:55:00Z

value	0.00326
scoring_system	epss
scoring_elements	0.55581
published_at	2026-04-07T12:55:00Z

value	0.00326
scoring_system	epss
scoring_elements	0.55633
published_at	2026-04-08T12:55:00Z

value	0.00326
scoring_system	epss
scoring_elements	0.55636
published_at	2026-04-09T12:55:00Z

value	0.00326
scoring_system	epss
scoring_elements	0.55645
published_at	2026-04-16T12:55:00Z

value	0.00326
scoring_system	epss
scoring_elements	0.55624
published_at	2026-04-12T12:55:00Z

value	0.00326
scoring_system	epss
scoring_elements	0.55607
published_at	2026-04-13T12:55:00Z

value	0.00326
scoring_system	epss
scoring_elements	0.55648
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10203

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272
reference_id	854272
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272

fixed_packages

url	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.30.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2016-10203

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4zz-6j52-cue5

url VCID-r751-csse-zuaq

vulnerability_id VCID-r751-csse-zuaq

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000833

reference_id

reference_type

scores

value	0.01979
scoring_system	epss
scoring_elements	0.83503
published_at	2026-04-01T12:55:00Z

value	0.01979
scoring_system	epss
scoring_elements	0.83515
published_at	2026-04-02T12:55:00Z

value	0.01979
scoring_system	epss
scoring_elements	0.83529
published_at	2026-04-04T12:55:00Z

value	0.01979
scoring_system	epss
scoring_elements	0.8353
published_at	2026-04-07T12:55:00Z

value	0.01979
scoring_system	epss
scoring_elements	0.83554
published_at	2026-04-08T12:55:00Z

value	0.01979
scoring_system	epss
scoring_elements	0.83563
published_at	2026-04-09T12:55:00Z

value	0.01979
scoring_system	epss
scoring_elements	0.83578
published_at	2026-04-11T12:55:00Z

value	0.01979
scoring_system	epss
scoring_elements	0.83572
published_at	2026-04-12T12:55:00Z

value	0.01979
scoring_system	epss
scoring_elements	0.83568
published_at	2026-04-13T12:55:00Z

value	0.01979
scoring_system	epss
scoring_elements	0.83602
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000833

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024
reference_id	917024
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024

fixed_packages

url	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
purl	pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2018-1000833

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r751-csse-zuaq

url VCID-rdyb-mgsn-gyb5

vulnerability_id VCID-rdyb-mgsn-gyb5

summary ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5368

reference_id

reference_type

scores

value	0.00205
scoring_system	epss
scoring_elements	0.4257
published_at	2026-04-01T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42641
published_at	2026-04-02T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42669
published_at	2026-04-04T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.4261
published_at	2026-04-07T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42661
published_at	2026-04-08T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42673
published_at	2026-04-09T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42696
published_at	2026-04-11T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.4266
published_at	2026-04-12T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42643
published_at	2026-04-13T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42703
published_at	2026-04-16T12:55:00Z

value	0.00205
scoring_system	epss
scoring_elements	0.42689
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5368

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733
reference_id	854733
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733

fixed_packages

url	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.30.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2017-5368

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rdyb-mgsn-gyb5

url VCID-sdf7-gmgd-pkf8

vulnerability_id VCID-sdf7-gmgd-pkf8

summary Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10205

reference_id

reference_type

scores

value	0.00743
scoring_system	epss
scoring_elements	0.72953
published_at	2026-04-01T12:55:00Z

value	0.00743
scoring_system	epss
scoring_elements	0.72965
published_at	2026-04-02T12:55:00Z

value	0.00743
scoring_system	epss
scoring_elements	0.72984
published_at	2026-04-04T12:55:00Z

value	0.00743
scoring_system	epss
scoring_elements	0.7296
published_at	2026-04-07T12:55:00Z

value	0.00743
scoring_system	epss
scoring_elements	0.72997
published_at	2026-04-08T12:55:00Z

value	0.00743
scoring_system	epss
scoring_elements	0.73011
published_at	2026-04-09T12:55:00Z

value	0.00743
scoring_system	epss
scoring_elements	0.73036
published_at	2026-04-11T12:55:00Z

value	0.00743
scoring_system	epss
scoring_elements	0.73015
published_at	2026-04-12T12:55:00Z

value	0.00743
scoring_system	epss
scoring_elements	0.73008
published_at	2026-04-13T12:55:00Z

value	0.00743
scoring_system	epss
scoring_elements	0.7305
published_at	2026-04-16T12:55:00Z

value	0.00743
scoring_system	epss
scoring_elements	0.7306
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10205

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10205
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10205

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272
reference_id	854272
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272

fixed_packages

url	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.30.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2016-10205

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sdf7-gmgd-pkf8

url VCID-t5fd-hvgs-sue7

vulnerability_id VCID-t5fd-hvgs-sue7

summary Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7337

reference_id

reference_type

scores

value	0.00321
scoring_system	epss
scoring_elements	0.55239
published_at	2026-04-18T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55236
published_at	2026-04-16T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55074
published_at	2026-04-01T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55175
published_at	2026-04-02T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55199
published_at	2026-04-04T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55174
published_at	2026-04-07T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55223
published_at	2026-04-09T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55235
published_at	2026-04-11T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55216
published_at	2026-04-12T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55197
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7337

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2456
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2456

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7337

reference_id

CVE-2019-7337

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7337

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7337

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5fd-hvgs-sue7

url VCID-tj5u-pm5u-4ug6

vulnerability_id VCID-tj5u-pm5u-4ug6

summary includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.

references

reference_url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910
reference_id
reference_type
scores
url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910

reference_url	http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/
reference_id
reference_type
scores
url	http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0232

reference_id

reference_type

scores

value	0.7823
scoring_system	epss
scoring_elements	0.99024
published_at	2026-04-18T12:55:00Z

value	0.7823
scoring_system	epss
scoring_elements	0.99012
published_at	2026-04-01T12:55:00Z

value	0.7823
scoring_system	epss
scoring_elements	0.99013
published_at	2026-04-02T12:55:00Z

value	0.7823
scoring_system	epss
scoring_elements	0.99016
published_at	2026-04-04T12:55:00Z

value	0.7823
scoring_system	epss
scoring_elements	0.99018
published_at	2026-04-07T12:55:00Z

value	0.7823
scoring_system	epss
scoring_elements	0.99019
published_at	2026-04-09T12:55:00Z

value	0.7823
scoring_system	epss
scoring_elements	0.9902
published_at	2026-04-11T12:55:00Z

value	0.7823
scoring_system	epss
scoring_elements	0.99022
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0232

reference_url	http://www.debian.org/security/2013/dsa-2640
reference_id
reference_type
scores
url	http://www.debian.org/security/2013/dsa-2640

reference_url	http://www.exploit-db.com/exploits/24310
reference_id
reference_type
scores
url	http://www.exploit-db.com/exploits/24310

reference_url	http://www.openwall.com/lists/oss-security/2013/01/28/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2013/01/28/2

reference_url	http://www.osvdb.org/89529
reference_id
reference_type
scores
url	http://www.osvdb.org/89529

reference_url	http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771
reference_id
reference_type
scores
url	http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910
reference_id	698910
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.24.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.24.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.4:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.24.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.25.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.25.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.25.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0232

reference_id

CVE-2013-0232

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0232

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/24310.rb
reference_id	OSVDB-89529;CVE-2013-0332;CVE-2013-0232
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/24310.rb

fixed_packages

url	pkg:deb/debian/zoneminder@1.25.0-4?distro=trixie
purl	pkg:deb/debian/zoneminder@1.25.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.25.0-4%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2013-0232

risk_score 10.0

exploitability 2.0

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tj5u-pm5u-4ug6

url VCID-tyu6-8h17-8yh5

vulnerability_id VCID-tyu6-8h17-8yh5

summary ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26037

reference_id

reference_type

scores

value	0.00714
scoring_system	epss
scoring_elements	0.72379
published_at	2026-04-18T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.7237
published_at	2026-04-16T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72287
published_at	2026-04-02T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72306
published_at	2026-04-04T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72283
published_at	2026-04-07T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72322
published_at	2026-04-08T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72334
published_at	2026-04-09T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72357
published_at	2026-04-11T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.7234
published_at	2026-04-12T12:55:00Z

value	0.00714
scoring_system	epss
scoring_elements	0.72328
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26037

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26037
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26037

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733

reference_id

GHSA-65jp-2hj3-3733

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:57:34Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733

fixed_packages

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2023-26037

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyu6-8h17-8yh5

url VCID-ug2b-2eg5-jfbb

vulnerability_id VCID-ug2b-2eg5-jfbb

summary Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7349

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55842
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55838
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55661
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55772
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55795
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55775
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55826
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55829
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55818
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.558
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7349

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2465
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2465

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7349

reference_id

CVE-2019-7349

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7349

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7349

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ug2b-2eg5-jfbb

url VCID-ukjs-5za3-xqdb

vulnerability_id VCID-ukjs-5za3-xqdb

summary Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7344

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55842
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55838
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55661
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55772
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55795
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55775
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55826
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55829
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55818
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.558
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7344

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2455
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2455

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7344

reference_id

CVE-2019-7344

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7344

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7344

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ukjs-5za3-xqdb

url VCID-uybk-r4q9-gyac

vulnerability_id VCID-uybk-r4q9-gyac

summary ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39289

reference_id

reference_type

scores

value	0.00372
scoring_system	epss
scoring_elements	0.5901
published_at	2026-04-16T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.59013
published_at	2026-04-18T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58994
published_at	2026-04-12T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58975
published_at	2026-04-13T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58947
published_at	2026-04-02T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58969
published_at	2026-04-04T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58936
published_at	2026-04-07T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58987
published_at	2026-04-08T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.58993
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39289

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39289
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39289

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565
reference_id	1021565
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565

reference_url

https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4

reference_id

34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:36:54Z/

url

https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4

reference_url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488

reference_id

GHSA-mpcx-3gvh-9488

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:36:54Z/

url

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488

fixed_packages

url	pkg:deb/debian/zoneminder@1.36.31%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.31%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.31%252Bdfsg1-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2022-39289

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uybk-r4q9-gyac

url VCID-v56x-raf9-kydq

vulnerability_id VCID-v56x-raf9-kydq

summary ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-8424

reference_id

reference_type

scores

value	0.00329
scoring_system	epss
scoring_elements	0.55887
published_at	2026-04-18T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55882
published_at	2026-04-16T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55707
published_at	2026-04-01T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.5582
published_at	2026-04-02T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55843
published_at	2026-04-04T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55821
published_at	2026-04-07T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55872
published_at	2026-04-08T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55875
published_at	2026-04-09T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55885
published_at	2026-04-11T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55865
published_at	2026-04-12T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55846
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-8424

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8424
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8424

reference_url	https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
reference_id
reference_type
scores
url	https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection

reference_url	https://www.seebug.org/vuldb/ssvid-97763
reference_id
reference_type
scores
url	https://www.seebug.org/vuldb/ssvid-97763

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-8424

reference_id

CVE-2019-8424

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-8424

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-8424

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v56x-raf9-kydq

url VCID-w96c-3tde-d7b1

vulnerability_id VCID-w96c-3tde-d7b1

summary SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10204

reference_id

reference_type

scores

value	0.00518
scoring_system	epss
scoring_elements	0.66663
published_at	2026-04-01T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66704
published_at	2026-04-02T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66729
published_at	2026-04-04T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66702
published_at	2026-04-07T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66751
published_at	2026-04-08T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66766
published_at	2026-04-09T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66785
published_at	2026-04-11T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66772
published_at	2026-04-12T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66743
published_at	2026-04-13T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66777
published_at	2026-04-16T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.6679
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10204

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10204
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10204

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272
reference_id	854272
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272

fixed_packages

url	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.30.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2016-10204

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w96c-3tde-d7b1

url VCID-wdng-puzu-5kah

vulnerability_id VCID-wdng-puzu-5kah

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7327

reference_id

reference_type

scores

value	0.00361
scoring_system	epss
scoring_elements	0.5825
published_at	2026-04-18T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58247
published_at	2026-04-16T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58104
published_at	2026-04-01T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58189
published_at	2026-04-02T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58209
published_at	2026-04-04T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58182
published_at	2026-04-07T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58236
published_at	2026-04-08T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58241
published_at	2026-04-09T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58258
published_at	2026-04-11T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58235
published_at	2026-04-12T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58216
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7327

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2447
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2447

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7327

reference_id

CVE-2019-7327

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7327

reference_url	https://usn.ubuntu.com/5889-1/
reference_id	USN-5889-1
reference_type
scores
url	https://usn.ubuntu.com/5889-1/

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7327

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wdng-puzu-5kah

url VCID-xj45-xv47-ruhe

vulnerability_id VCID-xj45-xv47-ruhe

summary A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7346

reference_id

reference_type

scores

value	0.00177
scoring_system	epss
scoring_elements	0.39241
published_at	2026-04-18T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39271
published_at	2026-04-16T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39065
published_at	2026-04-01T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.3925
published_at	2026-04-02T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39273
published_at	2026-04-04T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39192
published_at	2026-04-07T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39247
published_at	2026-04-08T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39263
published_at	2026-04-09T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39274
published_at	2026-04-11T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39236
published_at	2026-04-12T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39218
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7346

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2469
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2469

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7346

reference_id

CVE-2019-7346

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7346

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7346

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xj45-xv47-ruhe

url VCID-y3vt-x7b1-4yer

vulnerability_id VCID-y3vt-x7b1-4yer

summary Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7334

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55842
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55838
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55661
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55772
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55795
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55775
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55826
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55829
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55818
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.558
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7334

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334

reference_url	https://github.com/ZoneMinder/zoneminder/issues/2443
reference_id
reference_type
scores
url	https://github.com/ZoneMinder/zoneminder/issues/2443

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
reference_id	922724
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7334

reference_id

CVE-2019-7334

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7334

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2019-7334

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y3vt-x7b1-4yer

url VCID-ys4w-ngmr-mbh9

vulnerability_id VCID-ys4w-ngmr-mbh9

summary Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10201

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.50914
published_at	2026-04-01T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50968
published_at	2026-04-02T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50993
published_at	2026-04-04T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50951
published_at	2026-04-07T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51008
published_at	2026-04-08T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51004
published_at	2026-04-09T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51047
published_at	2026-04-11T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51026
published_at	2026-04-12T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51009
published_at	2026-04-13T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51046
published_at	2026-04-16T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51053
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10201

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272
reference_id	854272
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272

fixed_packages

url	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.30.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2016-10201

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ys4w-ngmr-mbh9

url VCID-yxpy-5fmj-cbb7

vulnerability_id VCID-yxpy-5fmj-cbb7

summary ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25729

reference_id

reference_type

scores

value	0.00528
scoring_system	epss
scoring_elements	0.67069
published_at	2026-04-01T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67106
published_at	2026-04-02T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.6713
published_at	2026-04-04T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67104
published_at	2026-04-07T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67154
published_at	2026-04-08T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67167
published_at	2026-04-09T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67186
published_at	2026-04-11T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67172
published_at	2026-04-12T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67141
published_at	2026-04-13T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67175
published_at	2026-04-16T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67189
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25729

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729

fixed_packages

url	pkg:deb/debian/zoneminder@1.34.21-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.34.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.21-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2020-25729

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yxpy-5fmj-cbb7

url VCID-zd7k-6rwb-qug5

vulnerability_id VCID-zd7k-6rwb-qug5

summary Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-3882

reference_id

reference_type

scores

value	0.0468
scoring_system	epss
scoring_elements	0.8935
published_at	2026-04-18T12:55:00Z

value	0.0468
scoring_system	epss
scoring_elements	0.89292
published_at	2026-04-01T12:55:00Z

value	0.0468
scoring_system	epss
scoring_elements	0.89298
published_at	2026-04-02T12:55:00Z

value	0.0468
scoring_system	epss
scoring_elements	0.89311
published_at	2026-04-04T12:55:00Z

value	0.0468
scoring_system	epss
scoring_elements	0.89313
published_at	2026-04-07T12:55:00Z

value	0.0468
scoring_system	epss
scoring_elements	0.8933
published_at	2026-04-08T12:55:00Z

value	0.0468
scoring_system	epss
scoring_elements	0.89334
published_at	2026-04-09T12:55:00Z

value	0.0468
scoring_system	epss
scoring_elements	0.89343
published_at	2026-04-11T12:55:00Z

value	0.0468
scoring_system	epss
scoring_elements	0.8934
published_at	2026-04-12T12:55:00Z

value	0.0468
scoring_system	epss
scoring_elements	0.89336
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-3882

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3882
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3882

reference_url	http://secunia.com/advisories/31636
reference_id
reference_type
scores
url	http://secunia.com/advisories/31636

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44728
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44728

reference_url	http://www.securityfocus.com/archive/1/495745/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/495745/100/0/threaded

reference_url	http://www.securityfocus.com/bid/30843
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/30843

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497640
reference_id	497640
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497640

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::
reference_id	cpe:2.3:a:zoneminder:zoneminder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.0.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.10:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.11:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.12:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.13:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.14:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.15:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.16:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.7:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.8:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.9:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:0.9.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:0.9.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.17.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.17.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.17.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.17.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.18.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.18.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.18.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.4:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.5:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.19.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.19.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.20.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.4:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.21.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.21.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.3:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.22.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.22.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.0:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.23.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.1:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.23.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.2:::::::*
reference_id	cpe:2.3:a:zoneminder:zoneminder:1.23.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.23.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-3882

reference_id

CVE-2008-3882

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

url

https://nvd.nist.gov/vuln/detail/CVE-2008-3882

fixed_packages

url	pkg:deb/debian/zoneminder@1.24.1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.24.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.24.1-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2008-3882

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zd7k-6rwb-qug5

url VCID-zu3w-apm5-8bdw

vulnerability_id VCID-zu3w-apm5-8bdw

summary Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10206

reference_id

reference_type

scores

value	0.00131
scoring_system	epss
scoring_elements	0.32517
published_at	2026-04-01T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32666
published_at	2026-04-02T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32702
published_at	2026-04-04T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32523
published_at	2026-04-07T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.3257
published_at	2026-04-16T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32596
published_at	2026-04-09T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32598
published_at	2026-04-11T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32561
published_at	2026-04-12T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32533
published_at	2026-04-13T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32548
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10206

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10206
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10206

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272
reference_id	854272
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272

fixed_packages

url	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.30.4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.30.4%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-4qtk-7myx-vfcd

vulnerability	VCID-7vc9-wfjb-t3ba

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-95ub-6q5w-p3cm

vulnerability	VCID-9kh5-715y-pud4

vulnerability	VCID-d117-rhnc-rkhf

vulnerability	VCID-fyy1-fwys-xkbj

vulnerability	VCID-j283-1m9p-13hn

vulnerability	VCID-jukn-h868-5ugm

vulnerability	VCID-kk5d-y2z8-r3g2

vulnerability	VCID-mdkd-vmcp-afa8

vulnerability	VCID-mk5h-586t-pyga

vulnerability	VCID-n8y3-5fb9-kucb

vulnerability	VCID-tyu6-8h17-8yh5

vulnerability	VCID-uybk-r4q9-gyac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie

url pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xuk-942c-kkbf

vulnerability	VCID-4mfm-zzrx-6ffb

vulnerability	VCID-7x51-uyq2-9qax

vulnerability	VCID-mdkd-vmcp-afa8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2016-10206

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zu3w-apm5-8bdw

Risk_score 4.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie

Package Instance