{"url":"http://public2.vulnerablecode.io/api/packages/1049096?format=json","purl":"pkg:deb/debian/zoneminder@1.24.2-8%2Bsqueeze1","type":"deb","namespace":"debian","name":"zoneminder","version":"1.24.2-8+squeeze1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.36.35+dfsg1-1","latest_non_vulnerable_version":"1.36.35+dfsg1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94237?format=json","vulnerability_id":"VCID-11zt-rw3z-87gx","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7333","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57987","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58025","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5808","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58077","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5803","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58044","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2441","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2441"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7333","reference_id":"CVE-2019-7333","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7333"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11zt-rw3z-87gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94256?format=json","vulnerability_id":"VCID-23ug-uzth-tybf","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7352","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2475","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2475"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7352","reference_id":"CVE-2019-7352","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7352"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7352"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23ug-uzth-tybf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94278?format=json","vulnerability_id":"VCID-35hj-x1e2-eug1","summary":"ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8428","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55722","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5578","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55707","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5582","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55843","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55872","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55875","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55885","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55865","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55887","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5586","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55787","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55805","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8428"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8428","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8428"},{"reference_url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli"},{"reference_url":"https://www.seebug.org/vuldb/ssvid-97765","reference_id":"","reference_type":"","scores":[],"url":"https://www.seebug.org/vuldb/ssvid-97765"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8428","reference_id":"CVE-2019-8428","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-8428"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35hj-x1e2-eug1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94249?format=json","vulnerability_id":"VCID-3zrk-nztf-nqfd","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7345","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46288","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46423","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46374","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46415","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46435","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46383","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46439","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46463","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46434","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46501","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46498","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46443","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2468","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2468"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7345","reference_id":"CVE-2019-7345","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7345"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7345"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zrk-nztf-nqfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94229?format=json","vulnerability_id":"VCID-4zbd-b8b7-tfa4","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7325","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55948","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55999","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56002","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56011","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56014","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55935","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55949","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2450","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2450"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7325","reference_id":"CVE-2019-7325","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7325"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7325"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbd-b8b7-tfa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92462?format=json","vulnerability_id":"VCID-578u-3ew5-qyh5","summary":"Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0332","reference_id":"","reference_type":"","scores":[{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96781","published_at":"2026-05-05T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96725","published_at":"2026-04-01T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96735","published_at":"2026-04-02T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96736","published_at":"2026-04-04T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96741","published_at":"2026-04-07T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96748","published_at":"2026-04-08T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96749","published_at":"2026-04-09T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96752","published_at":"2026-04-12T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96755","published_at":"2026-04-13T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96761","published_at":"2026-04-16T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96765","published_at":"2026-04-18T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96768","published_at":"2026-04-21T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96767","published_at":"2026-04-24T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96769","published_at":"2026-04-26T12:55:00Z"},{"value":"0.31131","scoring_system":"epss","scoring_elements":"0.96772","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0332"},{"reference_url":"http://www.debian.org/security/2013/dsa-2640","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2640"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/21/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/02/21/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/21/9","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/02/21/9"},{"reference_url":"http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979","reference_id":"","reference_type":"","scores":[],"url":"http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979"},{"reference_url":"http://www.zoneminder.com/wiki/index.php/Change_History","reference_id":"","reference_type":"","scores":[],"url":"http://www.zoneminder.com/wiki/index.php/Change_History"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912","reference_id":"700912","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.24.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.24.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.24.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.24.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0332","reference_id":"CVE-2013-0332","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0332"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17593.txt","reference_id":"OSVDB-74198;CVE-2013-0332","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17593.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049097?format=json","purl":"pkg:deb/debian/zoneminder@1.25.0-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11zt-rw3z-87gx"},{"vulnerability":"VCID-23ug-uzth-tybf"},{"vulnerability":"VCID-35hj-x1e2-eug1"},{"vulnerability":"VCID-3zrk-nztf-nqfd"},{"vulnerability":"VCID-4zbd-b8b7-tfa4"},{"vulnerability":"VCID-5ba3-bxk1-pbht"},{"vulnerability":"VCID-694p-mbsg-e7f6"},{"vulnerability":"VCID-6mdb-h6fb-c7d6"},{"vulnerability":"VCID-6xnz-k4kg-eqhd"},{"vulnerability":"VCID-7x1r-12y1-ekfk"},{"vulnerability":"VCID-8uu9-g2r8-nyep"},{"vulnerability":"VCID-8vh1-pk4c-63hz"},{"vulnerability":"VCID-9rr3-tdb4-1kdm"},{"vulnerability":"VCID-aqfu-4m9a-hbd4"},{"vulnerability":"VCID-cccj-wgfh-3fg4"},{"vulnerability":"VCID-dk87-j5dz-6bed"},{"vulnerability":"VCID-dp5c-4aaa-uyaq"},{"vulnerability":"VCID-dpp2-3t2d-d3e4"},{"vulnerability":"VCID-dz5v-tqce-a7ew"},{"vulnerability":"VCID-edec-sj6n-n7d7"},{"vulnerability":"VCID-f9wt-f98j-ekeh"},{"vulnerability":"VCID-fnhr-cs7k-gkeu"},{"vulnerability":"VCID-g1r5-fbsj-n3dr"},{"vulnerability":"VCID-hpah-sv5y-8bde"},{"vulnerability":"VCID-jmdh-m4ty-gqch"},{"vulnerability":"VCID-kgpe-97pr-suee"},{"vulnerability":"VCID-mx9e-1cur-mqfz"},{"vulnerability":"VCID-p916-xnk3-rkce"},{"vulnerability":"VCID-pr1z-g8aw-tqez"},{"vulnerability":"VCID-qn8h-k43x-p7cs"},{"vulnerability":"VCID-qs2j-ektc-2kf9"},{"vulnerability":"VCID-qxmt-szsx-y7a8"},{"vulnerability":"VCID-qxtk-taxx-1kde"},{"vulnerability":"VCID-r3pj-815v-uubu"},{"vulnerability":"VCID-r4zz-6j52-cue5"},{"vulnerability":"VCID-r751-csse-zuaq"},{"vulnerability":"VCID-rdyb-mgsn-gyb5"},{"vulnerability":"VCID-sdf7-gmgd-pkf8"},{"vulnerability":"VCID-t5fd-hvgs-sue7"},{"vulnerability":"VCID-ug2b-2eg5-jfbb"},{"vulnerability":"VCID-ukjs-5za3-xqdb"},{"vulnerability":"VCID-v56x-raf9-kydq"},{"vulnerability":"VCID-w96c-3tde-d7b1"},{"vulnerability":"VCID-wdng-puzu-5kah"},{"vulnerability":"VCID-xj45-xv47-ruhe"},{"vulnerability":"VCID-y3vt-x7b1-4yer"},{"vulnerability":"VCID-ys4w-ngmr-mbh9"},{"vulnerability":"VCID-yxpy-5fmj-cbb7"},{"vulnerability":"VCID-zu3w-apm5-8bdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.25.0-4"}],"aliases":["CVE-2013-0332"],"risk_score":9.0,"exploitability":"2.0","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-578u-3ew5-qyh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94240?format=json","vulnerability_id":"VCID-5ba3-bxk1-pbht","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7336","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7336"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2457","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2457"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7336","reference_id":"CVE-2019-7336","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7336"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7336"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ba3-bxk1-pbht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93217?format=json","vulnerability_id":"VCID-694p-mbsg-e7f6","summary":"Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5367","reference_id":"","reference_type":"","scores":[{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65556","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65604","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.656","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65652","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65664","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65684","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.6567","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65641","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65676","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65689","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65672","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65687","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65699","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65698","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65673","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5367"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733","reference_id":"854733","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2017-5367"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-694p-mbsg-e7f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94246?format=json","vulnerability_id":"VCID-6mdb-h6fb-c7d6","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7342","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55587","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5564","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55561","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55673","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55695","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55674","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55725","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55728","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55737","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55717","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.557","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5574","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55722","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55647","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55664","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2461","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2461"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7342","reference_id":"CVE-2019-7342","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7342"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7342"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mdb-h6fb-c7d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94247?format=json","vulnerability_id":"VCID-6xnz-k4kg-eqhd","summary":"Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7343","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57987","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58025","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5808","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58077","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5803","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58044","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2464","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2464"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7343","reference_id":"CVE-2019-7343","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7343"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xnz-k4kg-eqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94244?format=json","vulnerability_id":"VCID-7x1r-12y1-ekfk","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7340","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57987","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58025","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5808","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58077","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5803","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58044","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2462","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2462"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7340","reference_id":"CVE-2019-7340","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7340"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7340"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7x1r-12y1-ekfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94235?format=json","vulnerability_id":"VCID-8uu9-g2r8-nyep","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named \"signal check color\" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7331","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55948","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55999","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56002","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56011","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56014","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55935","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55949","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2451","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2451"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7331","reference_id":"CVE-2019-7331","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7331"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7331"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8uu9-g2r8-nyep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94216?format=json","vulnerability_id":"VCID-8vh1-pk4c-63hz","summary":"A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6990","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.494","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49482","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50522","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50529","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50526","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50438","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50544","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50573","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50577","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50555","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50501","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5051","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50567","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50495","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2444","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001","reference_id":"921001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6990","reference_id":"CVE-2019-6990","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6990"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-6990"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vh1-pk4c-63hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93433?format=json","vulnerability_id":"VCID-9rr3-tdb4-1kdm","summary":"ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000832","reference_id":"","reference_type":"","scores":[{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92151","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92158","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92164","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92167","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92187","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92188","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92184","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92194","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92196","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92199","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.922","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92198","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92208","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000832"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024","reference_id":"917024","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2018-1000832"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9rr3-tdb4-1kdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93303?format=json","vulnerability_id":"VCID-aqfu-4m9a-hbd4","summary":"A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the \"ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7203","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51612","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51666","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51622","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51673","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51659","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51713","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51709","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51758","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51736","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51761","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51767","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51747","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.517","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51706","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7203"},{"reference_url":"https://github.com/ZoneMinder/ZoneMinder/issues/1797","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/ZoneMinder/issues/1797"},{"reference_url":"http://www.securityfocus.com/bid/97001","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858329","reference_id":"858329","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858329"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.30.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.30.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.30.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7203","reference_id":"CVE-2017-7203","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7203"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2017-7203"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqfu-4m9a-hbd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94214?format=json","vulnerability_id":"VCID-cccj-wgfh-3fg4","summary":"An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6777","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53654","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53703","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53846","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53871","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53868","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53799","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53883","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53921","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53926","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53907","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53874","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53885","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53899","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53819","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777"},{"reference_url":"https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2436","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2436"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375","reference_id":"920375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6777","reference_id":"CVE-2019-6777","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6777"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-6777"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cccj-wgfh-3fg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94232?format=json","vulnerability_id":"VCID-dk87-j5dz-6bed","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7328","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57987","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58209","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58104","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58247","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58225","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58203","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58189","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2449","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2449"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7328","reference_id":"CVE-2019-7328","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7328"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7328"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dk87-j5dz-6bed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93221?format=json","vulnerability_id":"VCID-dp5c-4aaa-uyaq","summary":"A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5595","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43164","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43221","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43249","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43188","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43239","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43251","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43241","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43225","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43286","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43275","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4321","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43145","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43147","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43067","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.42932","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5595"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5595","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5595"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733","reference_id":"854733","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2017-5595"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dp5c-4aaa-uyaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94217?format=json","vulnerability_id":"VCID-dpp2-3t2d-d3e4","summary":"A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6991","reference_id":"","reference_type":"","scores":[{"value":"0.05263","scoring_system":"epss","scoring_elements":"0.90033","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05263","scoring_system":"epss","scoring_elements":"0.9002","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89987","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89973","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90031","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90032","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.9003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90047","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89975","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2478","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2478"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/pull/2482","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/pull/2482"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000","reference_id":"921000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6991","reference_id":"CVE-2019-6991","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6991"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-6991"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpp2-3t2d-d3e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94236?format=json","vulnerability_id":"VCID-dz5v-tqce-a7ew","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7332","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57987","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58209","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58104","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58247","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58225","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58203","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58189","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2442","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2442"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7332","reference_id":"CVE-2019-7332","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7332"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7332"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dz5v-tqce-a7ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94239?format=json","vulnerability_id":"VCID-edec-sj6n-n7d7","summary":"Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7335","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7335"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2453","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2453"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7335","reference_id":"CVE-2019-7335","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7335"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-edec-sj6n-n7d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92837?format=json","vulnerability_id":"VCID-f9wt-f98j-ekeh","summary":"Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10202","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50914","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50968","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50993","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50951","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51004","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51026","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51009","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51046","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51053","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51031","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50978","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50986","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50947","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50875","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10202"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f9wt-f98j-ekeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94243?format=json","vulnerability_id":"VCID-fnhr-cs7k-gkeu","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7339","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2460","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2460"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7339","reference_id":"CVE-2019-7339","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7339"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7339"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnhr-cs7k-gkeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94218?format=json","vulnerability_id":"VCID-g1r5-fbsj-n3dr","summary":"A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6992","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53728","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53678","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53861","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53835","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53887","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53885","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53932","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53814","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53898","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53936","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53942","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53922","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53889","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53901","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53914","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53833","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6992"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2445","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2445"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999","reference_id":"920999","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6992","reference_id":"CVE-2019-6992","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6992"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-6992"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1r5-fbsj-n3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93954?format=json","vulnerability_id":"VCID-hpah-sv5y-8bde","summary":"Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13072","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49438","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49466","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49493","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49446","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49501","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49496","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49513","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49485","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49534","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49533","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49503","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49457","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49375","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-13072"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpah-sv5y-8bde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94245?format=json","vulnerability_id":"VCID-jmdh-m4ty-gqch","summary":"Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7341","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57987","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57943","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58025","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5808","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58077","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5803","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58044","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2463","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2463"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7341","reference_id":"CVE-2019-7341","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7341"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7341"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmdh-m4ty-gqch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94230?format=json","vulnerability_id":"VCID-kgpe-97pr-suee","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7326","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55948","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55999","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56002","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56011","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56014","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55935","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55949","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2452","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2452"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7326","reference_id":"CVE-2019-7326","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7326"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7326"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgpe-97pr-suee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92830?format=json","vulnerability_id":"VCID-mx9e-1cur-mqfz","summary":"Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10140","reference_id":"","reference_type":"","scores":[{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96951","published_at":"2026-04-01T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96958","published_at":"2026-04-02T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96963","published_at":"2026-04-04T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96966","published_at":"2026-04-07T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96974","published_at":"2026-04-08T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96975","published_at":"2026-04-09T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96978","published_at":"2026-04-11T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96979","published_at":"2026-04-12T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.9698","published_at":"2026-04-13T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96988","published_at":"2026-04-16T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96991","published_at":"2026-04-18T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96993","published_at":"2026-04-21T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96994","published_at":"2026-04-24T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96996","published_at":"2026-04-26T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.96998","published_at":"2026-04-29T12:55:00Z"},{"value":"0.34242","scoring_system":"epss","scoring_elements":"0.97003","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10140"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851710","reference_id":"851710","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851710"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10140"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mx9e-1cur-mqfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94251?format=json","vulnerability_id":"VCID-p916-xnk3-rkce","summary":"A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7347","reference_id":"","reference_type":"","scores":[{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.6742","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67445","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67313","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67349","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67372","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.6735","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67401","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67414","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67435","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67423","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67425","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67436","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67434","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2476","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2476"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7347","reference_id":"CVE-2019-7347","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7347"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7347"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p916-xnk3-rkce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94233?format=json","vulnerability_id":"VCID-pr1z-g8aw-tqez","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7329","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55587","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5564","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55983","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55993","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55817","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55955","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55991","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55994","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55969","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55896","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55916","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55973","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55929","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2446","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2446"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7329","reference_id":"CVE-2019-7329","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7329"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7329"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1z-g8aw-tqez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94234?format=json","vulnerability_id":"VCID-qn8h-k43x-p7cs","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7330","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57987","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58209","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58104","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58247","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58225","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58203","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58189","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2448","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2448"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7330","reference_id":"CVE-2019-7330","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7330"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7330"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qn8h-k43x-p7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94276?format=json","vulnerability_id":"VCID-qs2j-ektc-2kf9","summary":"skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8426","reference_id":"","reference_type":"","scores":[{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55844","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55896","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55821","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55933","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55955","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55984","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55987","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55997","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55977","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55959","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55995","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55998","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55973","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5592","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8426"},{"reference_url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss"},{"reference_url":"https://www.seebug.org/vuldb/ssvid-97766","reference_id":"","reference_type":"","scores":[],"url":"https://www.seebug.org/vuldb/ssvid-97766"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8426","reference_id":"CVE-2019-8426","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-8426"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qs2j-ektc-2kf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94242?format=json","vulnerability_id":"VCID-qxmt-szsx-y7a8","summary":"Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7338","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2454","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2454"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7338","reference_id":"CVE-2019-7338","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7338"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7338"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxmt-szsx-y7a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94252?format=json","vulnerability_id":"VCID-qxtk-taxx-1kde","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7348","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51683","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51734","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51688","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51738","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51725","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51779","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51776","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51826","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51805","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51832","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51839","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5182","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5177","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2467","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2467"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7348","reference_id":"CVE-2019-7348","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7348"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7348"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxtk-taxx-1kde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94516?format=json","vulnerability_id":"VCID-r3pj-815v-uubu","summary":"Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25730","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48713","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48815","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48797","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48776","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48795","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48849","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48845","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48861","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48835","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48844","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48893","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4889","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48837","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48846","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25730"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413","reference_id":"9268db14a79c4ccd444c2bf8d24e62b13207b413","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:46:50Z/"}],"url":"https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2020-25730"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3pj-815v-uubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92838?format=json","vulnerability_id":"VCID-r4zz-6j52-cue5","summary":"Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10203","reference_id":"","reference_type":"","scores":[{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55467","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55603","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55581","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55636","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55645","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55624","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55607","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55648","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55628","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55573","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55547","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55494","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10203"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10203"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4zz-6j52-cue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93434?format=json","vulnerability_id":"VCID-r751-csse-zuaq","summary":"ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000833","reference_id":"","reference_type":"","scores":[{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83503","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83515","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83529","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.8353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83554","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83563","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83578","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83572","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83568","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83602","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83603","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83627","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83634","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83638","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83662","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000833"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024","reference_id":"917024","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2018-1000833"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r751-csse-zuaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93218?format=json","vulnerability_id":"VCID-rdyb-mgsn-gyb5","summary":"ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5368","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.4257","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42641","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42669","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.4261","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42661","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.4266","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42643","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42703","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42689","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42626","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.4255","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42466","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42324","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5368"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733","reference_id":"854733","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2017-5368"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdyb-mgsn-gyb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92840?format=json","vulnerability_id":"VCID-sdf7-gmgd-pkf8","summary":"Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10205","reference_id":"","reference_type":"","scores":[{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72953","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72965","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72984","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.7296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72997","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73011","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73036","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73015","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73008","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.7305","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.7306","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73052","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73092","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73103","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.731","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73094","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10205"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdf7-gmgd-pkf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94241?format=json","vulnerability_id":"VCID-t5fd-hvgs-sue7","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7337","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55095","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55146","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55074","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55175","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55199","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55174","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55223","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55235","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55216","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55197","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55236","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55239","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55219","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55154","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2456","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2456"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7337","reference_id":"CVE-2019-7337","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7337"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7337"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5fd-hvgs-sue7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92453?format=json","vulnerability_id":"VCID-tj5u-pm5u-4ug6","summary":"includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910"},{"reference_url":"http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/","reference_id":"","reference_type":"","scores":[],"url":"http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0232","reference_id":"","reference_type":"","scores":[{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.99033","published_at":"2026-05-05T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.99012","published_at":"2026-04-01T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.99013","published_at":"2026-04-02T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.99016","published_at":"2026-04-04T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.99018","published_at":"2026-04-07T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.99019","published_at":"2026-04-09T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.9902","published_at":"2026-04-11T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.99022","published_at":"2026-04-13T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.99024","published_at":"2026-04-18T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.99025","published_at":"2026-04-21T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.99026","published_at":"2026-04-24T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.99028","published_at":"2026-04-26T12:55:00Z"},{"value":"0.7823","scoring_system":"epss","scoring_elements":"0.9903","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0232"},{"reference_url":"http://www.debian.org/security/2013/dsa-2640","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2640"},{"reference_url":"http://www.exploit-db.com/exploits/24310","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/24310"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/01/28/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/01/28/2"},{"reference_url":"http://www.osvdb.org/89529","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/89529"},{"reference_url":"http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771","reference_id":"","reference_type":"","scores":[],"url":"http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910","reference_id":"698910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.24.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.24.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.24.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.24.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.24.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.24.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.25.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.25.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.25.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0232","reference_id":"CVE-2013-0232","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0232"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/24310.rb","reference_id":"OSVDB-89529;CVE-2013-0332;CVE-2013-0232","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/24310.rb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049097?format=json","purl":"pkg:deb/debian/zoneminder@1.25.0-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11zt-rw3z-87gx"},{"vulnerability":"VCID-23ug-uzth-tybf"},{"vulnerability":"VCID-35hj-x1e2-eug1"},{"vulnerability":"VCID-3zrk-nztf-nqfd"},{"vulnerability":"VCID-4zbd-b8b7-tfa4"},{"vulnerability":"VCID-5ba3-bxk1-pbht"},{"vulnerability":"VCID-694p-mbsg-e7f6"},{"vulnerability":"VCID-6mdb-h6fb-c7d6"},{"vulnerability":"VCID-6xnz-k4kg-eqhd"},{"vulnerability":"VCID-7x1r-12y1-ekfk"},{"vulnerability":"VCID-8uu9-g2r8-nyep"},{"vulnerability":"VCID-8vh1-pk4c-63hz"},{"vulnerability":"VCID-9rr3-tdb4-1kdm"},{"vulnerability":"VCID-aqfu-4m9a-hbd4"},{"vulnerability":"VCID-cccj-wgfh-3fg4"},{"vulnerability":"VCID-dk87-j5dz-6bed"},{"vulnerability":"VCID-dp5c-4aaa-uyaq"},{"vulnerability":"VCID-dpp2-3t2d-d3e4"},{"vulnerability":"VCID-dz5v-tqce-a7ew"},{"vulnerability":"VCID-edec-sj6n-n7d7"},{"vulnerability":"VCID-f9wt-f98j-ekeh"},{"vulnerability":"VCID-fnhr-cs7k-gkeu"},{"vulnerability":"VCID-g1r5-fbsj-n3dr"},{"vulnerability":"VCID-hpah-sv5y-8bde"},{"vulnerability":"VCID-jmdh-m4ty-gqch"},{"vulnerability":"VCID-kgpe-97pr-suee"},{"vulnerability":"VCID-mx9e-1cur-mqfz"},{"vulnerability":"VCID-p916-xnk3-rkce"},{"vulnerability":"VCID-pr1z-g8aw-tqez"},{"vulnerability":"VCID-qn8h-k43x-p7cs"},{"vulnerability":"VCID-qs2j-ektc-2kf9"},{"vulnerability":"VCID-qxmt-szsx-y7a8"},{"vulnerability":"VCID-qxtk-taxx-1kde"},{"vulnerability":"VCID-r3pj-815v-uubu"},{"vulnerability":"VCID-r4zz-6j52-cue5"},{"vulnerability":"VCID-r751-csse-zuaq"},{"vulnerability":"VCID-rdyb-mgsn-gyb5"},{"vulnerability":"VCID-sdf7-gmgd-pkf8"},{"vulnerability":"VCID-t5fd-hvgs-sue7"},{"vulnerability":"VCID-ug2b-2eg5-jfbb"},{"vulnerability":"VCID-ukjs-5za3-xqdb"},{"vulnerability":"VCID-v56x-raf9-kydq"},{"vulnerability":"VCID-w96c-3tde-d7b1"},{"vulnerability":"VCID-wdng-puzu-5kah"},{"vulnerability":"VCID-xj45-xv47-ruhe"},{"vulnerability":"VCID-y3vt-x7b1-4yer"},{"vulnerability":"VCID-ys4w-ngmr-mbh9"},{"vulnerability":"VCID-yxpy-5fmj-cbb7"},{"vulnerability":"VCID-zu3w-apm5-8bdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.25.0-4"}],"aliases":["CVE-2013-0232"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tj5u-pm5u-4ug6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94253?format=json","vulnerability_id":"VCID-ug2b-2eg5-jfbb","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7349","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2465","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2465"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7349","reference_id":"CVE-2019-7349","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7349"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7349"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ug2b-2eg5-jfbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94248?format=json","vulnerability_id":"VCID-ukjs-5za3-xqdb","summary":"Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7344","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2455","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2455"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7344","reference_id":"CVE-2019-7344","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7344"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7344"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukjs-5za3-xqdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94274?format=json","vulnerability_id":"VCID-v56x-raf9-kydq","summary":"ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8424","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55722","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5578","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55707","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5582","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55843","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55872","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55875","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55885","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55865","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55846","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55887","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5586","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55787","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55805","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8424"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8424","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8424"},{"reference_url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection"},{"reference_url":"https://www.seebug.org/vuldb/ssvid-97763","reference_id":"","reference_type":"","scores":[],"url":"https://www.seebug.org/vuldb/ssvid-97763"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8424","reference_id":"CVE-2019-8424","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8424"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-8424"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v56x-raf9-kydq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92839?format=json","vulnerability_id":"VCID-w96c-3tde-d7b1","summary":"SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10204","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53376","published_at":"2026-04-24T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53389","published_at":"2026-04-26T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53351","published_at":"2026-04-29T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53306","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66751","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66766","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66785","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66772","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66663","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66777","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.6679","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66775","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66743","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66704","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66729","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66702","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10204"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10204"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w96c-3tde-d7b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94231?format=json","vulnerability_id":"VCID-wdng-puzu-5kah","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7327","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57987","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58209","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58104","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58247","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58225","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58203","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58189","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2447","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2447"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7327","reference_id":"CVE-2019-7327","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7327"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7327"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdng-puzu-5kah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94250?format=json","vulnerability_id":"VCID-xj45-xv47-ruhe","summary":"A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a \"Try again\" button, which allows resending the failed request, making the CSRF attack successful.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7346","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38721","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38845","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.3925","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39273","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39247","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39263","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39274","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39236","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39218","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39271","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39241","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38945","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38926","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2469","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2469"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7346","reference_id":"CVE-2019-7346","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7346"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7346"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xj45-xv47-ruhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94238?format=json","vulnerability_id":"VCID-y3vt-x7b1-4yer","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7334","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55661","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7334"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2443","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2443"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7334","reference_id":"CVE-2019-7334","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2019-7334"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3vt-x7b1-4yer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92836?format=json","vulnerability_id":"VCID-ys4w-ngmr-mbh9","summary":"Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10201","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50914","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50968","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50993","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50951","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51004","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51026","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51009","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51046","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51053","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51031","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50978","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50986","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50947","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50875","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10201"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10201"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ys4w-ngmr-mbh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94515?format=json","vulnerability_id":"VCID-yxpy-5fmj-cbb7","summary":"ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25729","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67069","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67106","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.6713","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67104","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67154","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67167","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67186","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67172","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67141","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67175","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67189","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67169","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.6719","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67201","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2020-25729"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxpy-5fmj-cbb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92841?format=json","vulnerability_id":"VCID-zu3w-apm5-8bdw","summary":"Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10206","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32517","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32666","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32702","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32523","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.3257","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32596","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32598","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32561","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32533","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32548","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32516","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32347","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32231","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32146","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32007","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10206"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272","reference_id":"854272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994886?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1"}],"aliases":["CVE-2016-10206"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zu3w-apm5-8bdw"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.24.2-8%252Bsqueeze1"}