{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","type":"apk","namespace":"alpine","name":"zoneminder","version":"1.36.7-r0","qualifiers":{"arch":"s390x","distroversion":"v3.18","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.36.31-r0","latest_non_vulnerable_version":"1.36.33-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207410?format=json","vulnerability_id":"VCID-1ecy-jjyj-fucm","summary":"Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7341","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49906","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50041","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.5006","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50046","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7341"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ecy-jjyj-fucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207403?format=json","vulnerability_id":"VCID-2cw6-ame8-sfgr","summary":"Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7335","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47668","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47683","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7335"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7335"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2cw6-ame8-sfgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207414?format=json","vulnerability_id":"VCID-2wev-eqfp-pqbb","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7345","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46656","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.468","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.4681","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46795","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7345"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wev-eqfp-pqbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207395?format=json","vulnerability_id":"VCID-68nb-cczr-37bv","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7329","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47318","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47458","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47474","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47455","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7329"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-68nb-cczr-37bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207400?format=json","vulnerability_id":"VCID-7cat-vgpj-8uec","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7333","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49906","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50041","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.5006","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50046","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7333"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7cat-vgpj-8uec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207402?format=json","vulnerability_id":"VCID-91g7-e5sy-7yhc","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7334","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47668","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47683","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7334"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7334"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91g7-e5sy-7yhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207412?format=json","vulnerability_id":"VCID-9t2d-1k2q-vqbw","summary":"Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7343","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49906","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50041","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.5006","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50046","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7343"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9t2d-1k2q-vqbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207406?format=json","vulnerability_id":"VCID-9t8b-1t7a-5ybc","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7337","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46656","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.468","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.4681","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46795","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7337"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9t8b-1t7a-5ybc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207396?format=json","vulnerability_id":"VCID-9xbe-bp4w-eqha","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7330","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49906","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50041","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.5006","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50046","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7330"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xbe-bp4w-eqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207413?format=json","vulnerability_id":"VCID-a1k2-vucc-8ygy","summary":"Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7344","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47668","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47683","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7344"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1k2-vucc-8ygy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207415?format=json","vulnerability_id":"VCID-aet5-4ybv-tug1","summary":"A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a \"Try again\" button, which allows resending the failed request, making the CSRF attack successful.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7346","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34019","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34196","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.3422","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34199","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7346"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aet5-4ybv-tug1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206779?format=json","vulnerability_id":"VCID-apax-feyh-dyeq","summary":"Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13072","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38257","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38431","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38454","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38443","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-13072"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-apax-feyh-dyeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207393?format=json","vulnerability_id":"VCID-bhdr-wh8b-muef","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7328","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49906","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50041","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.5006","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50046","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7328"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhdr-wh8b-muef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207374?format=json","vulnerability_id":"VCID-cs27-duh9-m3gj","summary":"A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6992","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45124","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45273","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45286","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45274","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6992"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999","reference_id":"920999","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-6992"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cs27-duh9-m3gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207409?format=json","vulnerability_id":"VCID-d8pt-mbmg-z7av","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7340","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49906","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50041","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.5006","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50046","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7340"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d8pt-mbmg-z7av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207364?format=json","vulnerability_id":"VCID-dtnr-jg9d-mbhh","summary":"An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6777","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45075","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45225","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45238","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45226","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375","reference_id":"920375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-6777"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dtnr-jg9d-mbhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207423?format=json","vulnerability_id":"VCID-fgsb-nr36-kkhf","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7352","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47668","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47683","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7352"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgsb-nr36-kkhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207421?format=json","vulnerability_id":"VCID-haqb-upcm-tqbb","summary":"Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7350","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51869","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.52","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.52012","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51997","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7350"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7350"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-haqb-upcm-tqbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207407?format=json","vulnerability_id":"VCID-jjtm-n4qq-jkd3","summary":"Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7338","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47668","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47683","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7338"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjtm-n4qq-jkd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207411?format=json","vulnerability_id":"VCID-nv78-vmxz-xkfn","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7342","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47318","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47458","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47474","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47455","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7342"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nv78-vmxz-xkfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207371?format=json","vulnerability_id":"VCID-rss3-dfm5-hfe8","summary":"A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6990","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40949","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41115","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41137","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41126","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001","reference_id":"921001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-6990"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rss3-dfm5-hfe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207422?format=json","vulnerability_id":"VCID-s1sq-4jna-jqcb","summary":"Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7351","reference_id":"","reference_type":"","scores":[{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48789","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48925","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48943","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48928","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7351"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7351"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1sq-4jna-jqcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207416?format=json","vulnerability_id":"VCID-sfe1-355f-87hz","summary":"A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7347","reference_id":"","reference_type":"","scores":[{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68517","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68606","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68619","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68614","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7347"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfe1-355f-87hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207906?format=json","vulnerability_id":"VCID-sjv9-gupv-qyf9","summary":"ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25729","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60995","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61101","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.6111","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61108","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2020-25729"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjv9-gupv-qyf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207418?format=json","vulnerability_id":"VCID-t14a-jbvg-cydq","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7348","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43243","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.434","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43419","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4341","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7348"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t14a-jbvg-cydq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207373?format=json","vulnerability_id":"VCID-tpue-5e75-4ydj","summary":"A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6991","reference_id":"","reference_type":"","scores":[{"value":"0.13529","scoring_system":"epss","scoring_elements":"0.94382","published_at":"2026-06-11T12:55:00Z"},{"value":"0.13529","scoring_system":"epss","scoring_elements":"0.94402","published_at":"2026-06-12T12:55:00Z"},{"value":"0.13529","scoring_system":"epss","scoring_elements":"0.94406","published_at":"2026-06-13T12:55:00Z"},{"value":"0.13529","scoring_system":"epss","scoring_elements":"0.94408","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000","reference_id":"921000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-6991"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tpue-5e75-4ydj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207404?format=json","vulnerability_id":"VCID-v4ug-2ep5-1qgg","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7336","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47668","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47683","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7336"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7336"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4ug-2ep5-1qgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207399?format=json","vulnerability_id":"VCID-v73k-pche-7khs","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7332","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49906","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50041","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.5006","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50046","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7332"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v73k-pche-7khs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207419?format=json","vulnerability_id":"VCID-w7s2-fuwq-k7fr","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7349","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47668","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47683","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7349"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7s2-fuwq-k7fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207450?format=json","vulnerability_id":"VCID-wg8r-91ys-wqaf","summary":"ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8423","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54059","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54185","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54202","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5419","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8423"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-8423"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wg8r-91ys-wqaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207390?format=json","vulnerability_id":"VCID-x7f2-cjpj-9ya9","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7326","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47668","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47683","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7326"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x7f2-cjpj-9ya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207392?format=json","vulnerability_id":"VCID-x9x6-uum2-17fa","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7327","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49906","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50041","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.5006","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.50046","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7327"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9x6-uum2-17fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207398?format=json","vulnerability_id":"VCID-xjrn-5a89-cqcv","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named \"signal check color\" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7331","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47668","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47683","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7331"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xjrn-5a89-cqcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207408?format=json","vulnerability_id":"VCID-y3ym-yhmt-rbcx","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7339","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47668","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47683","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47664","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120612?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7339"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3ym-yhmt-rbcx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=s390x&distroversion=v3.18&reponame=community"}