| 0 |
| url |
VCID-11zt-rw3z-87gx |
| vulnerability_id |
VCID-11zt-rw3z-87gx |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7333 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7333 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7333
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-11zt-rw3z-87gx |
|
| 1 |
| url |
VCID-23ug-uzth-tybf |
| vulnerability_id |
VCID-23ug-uzth-tybf |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7352 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7352 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7352
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-23ug-uzth-tybf |
|
| 2 |
| url |
VCID-35hj-x1e2-eug1 |
| vulnerability_id |
VCID-35hj-x1e2-eug1 |
| summary |
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8428 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5586 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55887 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55707 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5582 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55843 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55821 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55872 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55875 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55885 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55865 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55846 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55882 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8428 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-8428
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-35hj-x1e2-eug1 |
|
| 3 |
| url |
VCID-3zrk-nztf-nqfd |
| vulnerability_id |
VCID-3zrk-nztf-nqfd |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7345 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46443 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46498 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46374 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46415 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46435 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46383 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46463 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46434 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46444 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46501 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7345 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7345
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3zrk-nztf-nqfd |
|
| 4 |
| url |
VCID-4zbd-b8b7-tfa4 |
| vulnerability_id |
VCID-4zbd-b8b7-tfa4 |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7325 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55988 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56014 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55949 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5597 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55999 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56002 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56013 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55975 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56011 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7325 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7325
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbd-b8b7-tfa4 |
|
| 5 |
| url |
VCID-5ba3-bxk1-pbht |
| vulnerability_id |
VCID-5ba3-bxk1-pbht |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7336 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7336 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7336
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5ba3-bxk1-pbht |
|
| 6 |
| url |
VCID-6mdb-h6fb-c7d6 |
| vulnerability_id |
VCID-6mdb-h6fb-c7d6 |
| summary |
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7342 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55722 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55744 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55561 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55673 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55695 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55674 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55725 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55728 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55737 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55717 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.557 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.5574 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7342 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7342
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6mdb-h6fb-c7d6 |
|
| 7 |
| url |
VCID-6xnz-k4kg-eqhd |
| vulnerability_id |
VCID-6xnz-k4kg-eqhd |
| summary |
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7343 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7343 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7343
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6xnz-k4kg-eqhd |
|
| 8 |
| url |
VCID-7x1r-12y1-ekfk |
| vulnerability_id |
VCID-7x1r-12y1-ekfk |
| summary |
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7340 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7340 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7340
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7x1r-12y1-ekfk |
|
| 9 |
| url |
VCID-8uu9-g2r8-nyep |
| vulnerability_id |
VCID-8uu9-g2r8-nyep |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7331 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55988 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56014 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55949 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5597 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55999 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56002 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56013 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55975 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56011 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7331 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7331
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8uu9-g2r8-nyep |
|
| 10 |
| url |
VCID-dk87-j5dz-6bed |
| vulnerability_id |
VCID-dk87-j5dz-6bed |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7328 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7328 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7328
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dk87-j5dz-6bed |
|
| 11 |
| url |
VCID-dz5v-tqce-a7ew |
| vulnerability_id |
VCID-dz5v-tqce-a7ew |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7332 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7332 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7332
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dz5v-tqce-a7ew |
|
| 12 |
| url |
VCID-edec-sj6n-n7d7 |
| vulnerability_id |
VCID-edec-sj6n-n7d7 |
| summary |
Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7335 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7335 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7335
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-edec-sj6n-n7d7 |
|
| 13 |
| url |
VCID-fnhr-cs7k-gkeu |
| vulnerability_id |
VCID-fnhr-cs7k-gkeu |
| summary |
POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7339 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7339 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7339
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fnhr-cs7k-gkeu |
|
| 14 |
| url |
VCID-hpah-sv5y-8bde |
| vulnerability_id |
VCID-hpah-sv5y-8bde |
| summary |
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-13072 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49438 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49466 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49493 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49446 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49501 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49496 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49513 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49485 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49488 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49534 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49533 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49503 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-13072 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-13072
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hpah-sv5y-8bde |
|
| 15 |
| url |
VCID-jmdh-m4ty-gqch |
| vulnerability_id |
VCID-jmdh-m4ty-gqch |
| summary |
Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7341 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58064 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57943 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58027 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5808 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.581 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7341 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7341
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jmdh-m4ty-gqch |
|
| 16 |
| url |
VCID-kgpe-97pr-suee |
| vulnerability_id |
VCID-kgpe-97pr-suee |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7326 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55988 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56014 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55949 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5597 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55999 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56002 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56013 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55975 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56011 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7326 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7326
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kgpe-97pr-suee |
|
| 17 |
| url |
VCID-p916-xnk3-rkce |
| vulnerability_id |
VCID-p916-xnk3-rkce |
| summary |
A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7347 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67436 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67425 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67313 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67349 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67372 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.6735 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67401 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67414 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67435 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67423 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00534 |
| scoring_system |
epss |
| scoring_elements |
0.67389 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7347 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7347
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p916-xnk3-rkce |
|
| 18 |
| url |
VCID-pr1z-g8aw-tqez |
| vulnerability_id |
VCID-pr1z-g8aw-tqez |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7329 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55969 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55994 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55817 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55929 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55951 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5598 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55983 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55993 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55973 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55955 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55991 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7329 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7329
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1z-g8aw-tqez |
|
| 19 |
| url |
VCID-qn8h-k43x-p7cs |
| vulnerability_id |
VCID-qn8h-k43x-p7cs |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7330 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7330 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7330
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qn8h-k43x-p7cs |
|
| 20 |
| url |
VCID-qs2j-ektc-2kf9 |
| vulnerability_id |
VCID-qs2j-ektc-2kf9 |
| summary |
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8426 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55973 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55998 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55821 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55933 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55955 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55984 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55987 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55997 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55977 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55959 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55995 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8426 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-8426
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qs2j-ektc-2kf9 |
|
| 21 |
| url |
VCID-qxmt-szsx-y7a8 |
| vulnerability_id |
VCID-qxmt-szsx-y7a8 |
| summary |
Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7338 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7338 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7338
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qxmt-szsx-y7a8 |
|
| 22 |
| url |
VCID-qxtk-taxx-1kde |
| vulnerability_id |
VCID-qxtk-taxx-1kde |
| summary |
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7348 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.5182 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51839 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51688 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51738 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51764 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51725 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51779 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51776 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51826 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51805 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.5179 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51832 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7348 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7348
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qxtk-taxx-1kde |
|
| 23 |
| url |
VCID-t5fd-hvgs-sue7 |
| vulnerability_id |
VCID-t5fd-hvgs-sue7 |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7337 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55219 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55239 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55074 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55175 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55199 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55174 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55223 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55235 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55216 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55197 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00321 |
| scoring_system |
epss |
| scoring_elements |
0.55236 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7337 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7337
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t5fd-hvgs-sue7 |
|
| 24 |
| url |
VCID-ug2b-2eg5-jfbb |
| vulnerability_id |
VCID-ug2b-2eg5-jfbb |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7349 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7349 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7349
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ug2b-2eg5-jfbb |
|
| 25 |
| url |
VCID-ukjs-5za3-xqdb |
| vulnerability_id |
VCID-ukjs-5za3-xqdb |
| summary |
Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7344 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7344 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7344
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ukjs-5za3-xqdb |
|
| 26 |
| url |
VCID-v56x-raf9-kydq |
| vulnerability_id |
VCID-v56x-raf9-kydq |
| summary |
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8424 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5586 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55887 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55707 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.5582 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55843 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55821 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55872 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55875 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55885 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55865 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55846 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00329 |
| scoring_system |
epss |
| scoring_elements |
0.55882 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-8424 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-8424
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v56x-raf9-kydq |
|
| 27 |
| url |
VCID-wdng-puzu-5kah |
| vulnerability_id |
VCID-wdng-puzu-5kah |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7327 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58225 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.5825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58104 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58189 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58209 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58241 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58258 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00361 |
| scoring_system |
epss |
| scoring_elements |
0.58247 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7327 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7327
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wdng-puzu-5kah |
|
| 28 |
| url |
VCID-xj45-xv47-ruhe |
| vulnerability_id |
VCID-xj45-xv47-ruhe |
| summary |
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7346 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39153 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39241 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39065 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.3925 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39273 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39192 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39247 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39263 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39274 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39236 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39218 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39271 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7346 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7346
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xj45-xv47-ruhe |
|
| 29 |
| url |
VCID-y3vt-x7b1-4yer |
| vulnerability_id |
VCID-y3vt-x7b1-4yer |
| summary |
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7334 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55842 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55661 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55826 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55837 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.558 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7334 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7334
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y3vt-x7b1-4yer |
|