{"url":"http://public2.vulnerablecode.io/api/packages/944008?format=json","purl":"pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie","type":"deb","namespace":"debian","name":"zoneminder","version":"1.32.3-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.34.6-1","latest_non_vulnerable_version":"1.36.37+dfsg1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94216?format=json","vulnerability_id":"VCID-8vh1-pk4c-63hz","summary":"A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6990","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.494","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49482","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50522","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50529","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50526","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50438","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50544","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50573","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50577","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50555","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50501","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5051","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50567","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50495","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6990"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2444","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001","reference_id":"921001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921001"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6990","reference_id":"CVE-2019-6990","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6990"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/944008?format=json","purl":"pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943998?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943996?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/944000?format=json","purl":"pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943999?format=json","purl":"pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-6990"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vh1-pk4c-63hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93433?format=json","vulnerability_id":"VCID-9rr3-tdb4-1kdm","summary":"ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000832","reference_id":"","reference_type":"","scores":[{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92151","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92158","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92164","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92167","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92187","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92188","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92184","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92194","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92196","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92199","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.922","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92198","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0816","scoring_system":"epss","scoring_elements":"0.92208","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000832"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024","reference_id":"917024","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/944008?format=json","purl":"pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943998?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943996?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/944000?format=json","purl":"pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943999?format=json","purl":"pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-1000832"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9rr3-tdb4-1kdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94214?format=json","vulnerability_id":"VCID-cccj-wgfh-3fg4","summary":"An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6777","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53654","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53703","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53846","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53871","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53868","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53799","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53883","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53921","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53926","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53907","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53874","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53885","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53899","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53819","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777"},{"reference_url":"https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2436","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2436"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375","reference_id":"920375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:1.32.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6777","reference_id":"CVE-2019-6777","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6777"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/944008?format=json","purl":"pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943998?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943996?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/944000?format=json","purl":"pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943999?format=json","purl":"pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-6777"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cccj-wgfh-3fg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94217?format=json","vulnerability_id":"VCID-dpp2-3t2d-d3e4","summary":"A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6991","reference_id":"","reference_type":"","scores":[{"value":"0.05263","scoring_system":"epss","scoring_elements":"0.90033","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05263","scoring_system":"epss","scoring_elements":"0.9002","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89987","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89973","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90031","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90032","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.9003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90047","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89975","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6991"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2478","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2478"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/pull/2482","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/pull/2482"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000","reference_id":"921000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921000"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6991","reference_id":"CVE-2019-6991","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6991"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/944008?format=json","purl":"pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943998?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943996?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/944000?format=json","purl":"pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943999?format=json","purl":"pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-6991"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpp2-3t2d-d3e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94218?format=json","vulnerability_id":"VCID-g1r5-fbsj-n3dr","summary":"A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6992","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53728","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53678","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53861","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53835","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53887","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53885","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53932","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53814","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53898","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53936","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53942","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53922","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53889","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53901","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53914","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.53833","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6992"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498"},{"reference_url":"https://github.com/ZoneMinder/zoneminder/issues/2445","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ZoneMinder/zoneminder/issues/2445"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999","reference_id":"920999","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6992","reference_id":"CVE-2019-6992","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6992"},{"reference_url":"https://usn.ubuntu.com/5889-1/","reference_id":"USN-5889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/944008?format=json","purl":"pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943998?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943996?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/944000?format=json","purl":"pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943999?format=json","purl":"pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-6992"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1r5-fbsj-n3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93434?format=json","vulnerability_id":"VCID-r751-csse-zuaq","summary":"ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000833","reference_id":"","reference_type":"","scores":[{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83503","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83515","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83529","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.8353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83554","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83563","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83578","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83572","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83568","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83602","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83603","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83627","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83634","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83638","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01979","scoring_system":"epss","scoring_elements":"0.83662","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000833"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024","reference_id":"917024","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917024"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/944008?format=json","purl":"pkg:deb/debian/zoneminder@1.32.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943998?format=json","purl":"pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-4qtk-7myx-vfcd"},{"vulnerability":"VCID-7vc9-wfjb-t3ba"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-95ub-6q5w-p3cm"},{"vulnerability":"VCID-9kh5-715y-pud4"},{"vulnerability":"VCID-d117-rhnc-rkhf"},{"vulnerability":"VCID-fyy1-fwys-xkbj"},{"vulnerability":"VCID-j283-1m9p-13hn"},{"vulnerability":"VCID-jukn-h868-5ugm"},{"vulnerability":"VCID-kk5d-y2z8-r3g2"},{"vulnerability":"VCID-mdkd-vmcp-afa8"},{"vulnerability":"VCID-mk5h-586t-pyga"},{"vulnerability":"VCID-n8y3-5fb9-kucb"},{"vulnerability":"VCID-tyu6-8h17-8yh5"},{"vulnerability":"VCID-uybk-r4q9-gyac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943996?format=json","purl":"pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xuk-942c-kkbf"},{"vulnerability":"VCID-4mfm-zzrx-6ffb"},{"vulnerability":"VCID-7x51-uyq2-9qax"},{"vulnerability":"VCID-mdkd-vmcp-afa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/944000?format=json","purl":"pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943999?format=json","purl":"pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-1000833"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r751-csse-zuaq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.32.3-2%3Fdistro=trixie"}