{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","type":"apk","namespace":"alpine","name":"zoneminder","version":"1.36.7-r0","qualifiers":{"arch":"x86_64","distroversion":"v3.15","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107262?format=json","vulnerability_id":"VCID-27em-r2xk-byan","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7333","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49857","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49866","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49848","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49819","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49836","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7333"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27em-r2xk-byan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107274?format=json","vulnerability_id":"VCID-4vty-tzwn-47fe","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7342","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47222","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47286","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47289","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47271","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47241","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47254","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7342"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vty-tzwn-47fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107260?format=json","vulnerability_id":"VCID-67te-q79b-yqhp","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named \"signal check color\" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7331","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7331"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67te-q79b-yqhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107286?format=json","vulnerability_id":"VCID-6dsa-zxcr-yqem","summary":"ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8423","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53937","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53995","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54002","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5399","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53968","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53991","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8423"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-8423"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dsa-zxcr-yqem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107257?format=json","vulnerability_id":"VCID-7mg8-sfvp-sbdb","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7328","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49857","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49866","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49848","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49819","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49836","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7328"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7mg8-sfvp-sbdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107264?format=json","vulnerability_id":"VCID-7pt6-r4ua-v3a6","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7334","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7334"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7334"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7pt6-r4ua-v3a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107281?format=json","vulnerability_id":"VCID-84c5-q2b2-3bd3","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7348","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43141","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43214","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43223","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43202","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43167","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43177","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7348"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84c5-q2b2-3bd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107265?format=json","vulnerability_id":"VCID-944q-45ph-cudb","summary":"Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7335","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7335"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7335"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-944q-45ph-cudb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107278?format=json","vulnerability_id":"VCID-96t5-qyza-qfgb","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7345","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46568","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46634","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46635","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46614","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46586","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46597","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7345"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-96t5-qyza-qfgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107280?format=json","vulnerability_id":"VCID-9hjf-6xgq-p7bg","summary":"A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7347","reference_id":"","reference_type":"","scores":[{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68415","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68456","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68464","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68458","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68442","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.6846","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7347"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hjf-6xgq-p7bg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107283?format=json","vulnerability_id":"VCID-a8n5-6pp2-uua2","summary":"Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7350","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51771","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51829","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51838","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51817","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51786","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51804","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7350"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7350"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8n5-6pp2-uua2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107275?format=json","vulnerability_id":"VCID-aaxe-mea1-g3hs","summary":"Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7343","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49857","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49866","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49848","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49819","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49836","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7343"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aaxe-mea1-g3hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107267?format=json","vulnerability_id":"VCID-b2jg-wtmd-pkfy","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7337","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46568","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46634","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46635","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46614","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46586","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46597","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7337"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b2jg-wtmd-pkfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107279?format=json","vulnerability_id":"VCID-b7cg-1t5e-j3gt","summary":"A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a \"Try again\" button, which allows resending the failed request, making the CSRF attack successful.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7346","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33908","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34011","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34025","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33992","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33959","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33981","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7346"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7cg-1t5e-j3gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107266?format=json","vulnerability_id":"VCID-befj-sj7w-afac","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7336","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7336"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7336"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-befj-sj7w-afac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107252?format=json","vulnerability_id":"VCID-dqpn-ypkc-judz","summary":"A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6991","reference_id":"","reference_type":"","scores":[{"value":"0.13529","scoring_system":"epss","scoring_elements":"0.94353","published_at":"2026-06-04T12:55:00Z"},{"value":"0.13529","scoring_system":"epss","scoring_elements":"0.94361","published_at":"2026-06-05T12:55:00Z"},{"value":"0.13529","scoring_system":"epss","scoring_elements":"0.94362","published_at":"2026-06-06T12:55:00Z"},{"value":"0.13529","scoring_system":"epss","scoring_elements":"0.94364","published_at":"2026-06-07T12:55:00Z"},{"value":"0.13529","scoring_system":"epss","scoring_elements":"0.94363","published_at":"2026-06-08T12:55:00Z"},{"value":"0.13529","scoring_system":"epss","scoring_elements":"0.94368","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000","reference_id":"921000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-6991"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqpn-ypkc-judz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107254?format=json","vulnerability_id":"VCID-dz23-rrz4-sqfd","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7325","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7325"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dz23-rrz4-sqfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107268?format=json","vulnerability_id":"VCID-eamp-7g6p-zyae","summary":"Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7338","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7338"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eamp-7g6p-zyae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107277?format=json","vulnerability_id":"VCID-fupb-uc9y-67ha","summary":"Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7344","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7344"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fupb-uc9y-67ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107259?format=json","vulnerability_id":"VCID-gxe4-g258-ekb7","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7330","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49857","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49866","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49848","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49819","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49836","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7330"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxe4-g258-ekb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107250?format=json","vulnerability_id":"VCID-jkjk-rv6g-87b6","summary":"An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6777","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44986","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45055","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45059","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45039","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4501","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45022","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375","reference_id":"920375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-6777"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jkjk-rv6g-87b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107261?format=json","vulnerability_id":"VCID-jq42-tmgz-muex","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7332","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49857","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49866","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49848","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49819","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49836","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7332"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jq42-tmgz-muex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107253?format=json","vulnerability_id":"VCID-jzqr-yd7g-vkby","summary":"A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6992","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45035","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45103","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45108","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45088","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45059","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45071","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6992"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999","reference_id":"920999","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-6992"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzqr-yd7g-vkby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107285?format=json","vulnerability_id":"VCID-kt6k-fsm6-e7dt","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7352","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7352"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kt6k-fsm6-e7dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107282?format=json","vulnerability_id":"VCID-m49w-gneb-xyh9","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7349","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7349"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m49w-gneb-xyh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107293?format=json","vulnerability_id":"VCID-mnfb-4egn-ayaw","summary":"ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25729","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60885","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60933","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60941","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.6093","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60912","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60929","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2020-25729"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mnfb-4egn-ayaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107258?format=json","vulnerability_id":"VCID-mwdw-gvde-gfdh","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7329","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47222","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47286","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47289","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47271","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47241","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47254","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7329"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwdw-gvde-gfdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107251?format=json","vulnerability_id":"VCID-n37j-eajg-6kg4","summary":"A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6990","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40861","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40938","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40943","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40912","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40881","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40892","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001","reference_id":"921001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-6990"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n37j-eajg-6kg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107255?format=json","vulnerability_id":"VCID-np2z-kh4a-rbas","summary":"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7326","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7326"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-np2z-kh4a-rbas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107284?format=json","vulnerability_id":"VCID-qcvq-e52e-zkh2","summary":"Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7351","reference_id":"","reference_type":"","scores":[{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48692","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48753","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48743","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48714","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.4873","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7351"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7351"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcvq-e52e-zkh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107272?format=json","vulnerability_id":"VCID-qkyr-y9qe-xfd8","summary":"Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7341","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49857","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49866","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49848","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49819","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49836","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7341"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkyr-y9qe-xfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107269?format=json","vulnerability_id":"VCID-rbh8-97v1-67hj","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7339","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47465","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7339"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rbh8-97v1-67hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107249?format=json","vulnerability_id":"VCID-ruaq-u6jr-9qgc","summary":"Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13072","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38161","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38249","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38252","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38225","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38196","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38206","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-13072"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruaq-u6jr-9qgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107256?format=json","vulnerability_id":"VCID-t6e1-bj65-3ked","summary":"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7327","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49857","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49866","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49848","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49819","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49836","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7327"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t6e1-bj65-3ked"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107271?format=json","vulnerability_id":"VCID-ws74-7vge-fqaw","summary":"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7340","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49795","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49857","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49866","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49848","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49819","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49836","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724","reference_id":"922724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/309251?format=json","purl":"pkg:apk/alpine/zoneminder@1.36.7-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2019-7340"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ws74-7vge-fqaw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"}