{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","type":"apk","namespace":"alpine","name":"zoneminder","version":"1.36.7-r0","qualifiers":{"arch":"x86_64","distroversion":"v3.18","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.36.31-r0","latest_non_vulnerable_version":"1.36.31-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207410?format=json","vulnerability_id":"VCID-1ecy-jjyj-fucm","summary":"Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7341"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ecy-jjyj-fucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207414?format=json","vulnerability_id":"VCID-2wev-eqfp-pqbb","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7345"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wev-eqfp-pqbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207395?format=json","vulnerability_id":"VCID-68nb-cczr-37bv","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7329"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-68nb-cczr-37bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207402?format=json","vulnerability_id":"VCID-91g7-e5sy-7yhc","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7334"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91g7-e5sy-7yhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207415?format=json","vulnerability_id":"VCID-aet5-4ybv-tug1","summary":"A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a \"Try again\" button, which allows resending the failed request, making the CSRF attack successful.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7346"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aet5-4ybv-tug1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207393?format=json","vulnerability_id":"VCID-bhdr-wh8b-muef","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7328"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhdr-wh8b-muef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207409?format=json","vulnerability_id":"VCID-d8pt-mbmg-z7av","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7340"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d8pt-mbmg-z7av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207371?format=json","vulnerability_id":"VCID-rss3-dfm5-hfe8","summary":"A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001","reference_id":"921001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-6990"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rss3-dfm5-hfe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207416?format=json","vulnerability_id":"VCID-sfe1-355f-87hz","summary":"A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7347"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfe1-355f-87hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207906?format=json","vulnerability_id":"VCID-sjv9-gupv-qyf9","summary":"ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2020-25729"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjv9-gupv-qyf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207419?format=json","vulnerability_id":"VCID-w7s2-fuwq-k7fr","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7349"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7s2-fuwq-k7fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207450?format=json","vulnerability_id":"VCID-wg8r-91ys-wqaf","summary":"ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8423"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-8423"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wg8r-91ys-wqaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207390?format=json","vulnerability_id":"VCID-x7f2-cjpj-9ya9","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7326"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x7f2-cjpj-9ya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207408?format=json","vulnerability_id":"VCID-y3ym-yhmt-rbcx","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/120614?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2019-7339"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3ym-yhmt-rbcx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"}