Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/944009?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "zoneminder", "version": "1.34.6-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.34.21-1", "latest_non_vulnerable_version": "1.36.37+dfsg1-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94237?format=api", "vulnerability_id": "VCID-11zt-rw3z-87gx", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58141", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58071", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.581", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58087", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5803", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58029", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57987", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5809", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2441" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7333", "reference_id": "CVE-2019-7333", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7333" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7333" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11zt-rw3z-87gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94256?format=api", "vulnerability_id": "VCID-23ug-uzth-tybf", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55744", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2475" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7352", "reference_id": "CVE-2019-7352", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7352" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7352" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23ug-uzth-tybf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94278?format=api", "vulnerability_id": "VCID-35hj-x1e2-eug1", "summary": "ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8428", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55868", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55808", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55707", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.5582", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55843", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55821", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55872", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55875", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55885", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55865", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55846", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55882", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55887", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.5586", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55805", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.5578", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55722", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55782", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8428" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8428", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8428" }, { "reference_url": "https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli" }, { "reference_url": "https://www.seebug.org/vuldb/ssvid-97765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.seebug.org/vuldb/ssvid-97765" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8428", "reference_id": "CVE-2019-8428", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-8428" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35hj-x1e2-eug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94249?format=api", "vulnerability_id": "VCID-3zrk-nztf-nqfd", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46417", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46348", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46374", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46415", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46435", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46383", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46439", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46463", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46434", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46444", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46501", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46498", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46423", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46288", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46354", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46315", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2468" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7345", "reference_id": "CVE-2019-7345", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7345" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7345" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zrk-nztf-nqfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94229?format=api", "vulnerability_id": "VCID-4zbd-b8b7-tfa4", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55975", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56014", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55914", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55935", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56011", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55949", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.5597", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55948", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55999", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56013", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2450" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7325", "reference_id": "CVE-2019-7325", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7325" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7325" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbd-b8b7-tfa4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94240?format=api", "vulnerability_id": "VCID-5ba3-bxk1-pbht", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55744", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7336" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2457" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7336", "reference_id": "CVE-2019-7336", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7336" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7336" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ba3-bxk1-pbht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94246?format=api", "vulnerability_id": "VCID-6mdb-h6fb-c7d6", "summary": "POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7342", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55733", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55691", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55561", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55673", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55695", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55674", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55725", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55728", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55737", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55717", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.557", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5574", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55744", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55722", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55647", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55664", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5564", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55587", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55634", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2461" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7342", "reference_id": "CVE-2019-7342", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7342" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7342" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mdb-h6fb-c7d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94247?format=api", "vulnerability_id": "VCID-6xnz-k4kg-eqhd", "summary": "Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58141", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58071", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.581", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58087", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5803", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58029", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57987", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5809", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2464" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7343", "reference_id": "CVE-2019-7343", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7343" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7343" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xnz-k4kg-eqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94244?format=api", "vulnerability_id": "VCID-7x1r-12y1-ekfk", "summary": "POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58141", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58071", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.581", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58087", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5803", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58029", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57987", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5809", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2462" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7340", "reference_id": "CVE-2019-7340", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7340" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7340" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7x1r-12y1-ekfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94235?format=api", "vulnerability_id": "VCID-8uu9-g2r8-nyep", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named \"signal check color\" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55975", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56014", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55914", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55935", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56011", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55949", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.5597", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55948", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55999", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56013", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2451" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7331", "reference_id": "CVE-2019-7331", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7331" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7331" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8uu9-g2r8-nyep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94232?format=api", "vulnerability_id": "VCID-dk87-j5dz-6bed", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58141", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58071", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58029", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57987", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5809", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58258", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58235", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58104", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58247", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.5825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58225", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58203", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58189", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58236", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58241", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7328" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2449" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7328", "reference_id": "CVE-2019-7328", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7328" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7328" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk87-j5dz-6bed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94236?format=api", "vulnerability_id": "VCID-dz5v-tqce-a7ew", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7332", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58141", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58071", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58029", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57987", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5809", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58258", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58235", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58104", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58247", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.5825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58225", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58203", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58189", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58236", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58241", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2442" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7332", "reference_id": "CVE-2019-7332", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7332" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7332" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dz5v-tqce-a7ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94239?format=api", "vulnerability_id": "VCID-edec-sj6n-n7d7", "summary": "Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55744", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2453" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7335", "reference_id": "CVE-2019-7335", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7335" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7335" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edec-sj6n-n7d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94243?format=api", "vulnerability_id": "VCID-fnhr-cs7k-gkeu", "summary": "POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55744", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7339" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2460" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7339", "reference_id": "CVE-2019-7339", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7339" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7339" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnhr-cs7k-gkeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93954?format=api", "vulnerability_id": "VCID-hpah-sv5y-8bde", "summary": "Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49438", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49466", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49493", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49446", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49501", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49496", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49513", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49485", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49488", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49534", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49533", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49503", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49457", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49375", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49434", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49463", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4941", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49437", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49507", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13072" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpah-sv5y-8bde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94245?format=api", "vulnerability_id": "VCID-jmdh-m4ty-gqch", "summary": "Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58141", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58071", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.581", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58087", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5803", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58029", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57987", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5809", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2463", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7341", "reference_id": "CVE-2019-7341", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7341" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7341" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmdh-m4ty-gqch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94230?format=api", "vulnerability_id": "VCID-kgpe-97pr-suee", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55975", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56014", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55914", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55935", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56011", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55949", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.5597", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55948", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55999", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56013", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7326" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2452" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7326", "reference_id": "CVE-2019-7326", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7326" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7326" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgpe-97pr-suee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94251?format=api", "vulnerability_id": "VCID-p916-xnk3-rkce", "summary": "A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67561", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67499", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67313", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67349", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67372", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.6735", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67401", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67414", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67435", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67389", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67425", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67436", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67434", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67445", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.6742", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67465", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67503", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00534", "scoring_system": "epss", "scoring_elements": "0.67475", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2476" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7347", "reference_id": "CVE-2019-7347", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7347" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7347" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p916-xnk3-rkce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94233?format=api", "vulnerability_id": "VCID-pr1z-g8aw-tqez", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7329", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55733", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55673", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5564", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55587", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55634", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55691", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55647", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55955", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55991", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55817", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55969", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55896", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55916", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55994", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55929", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55951", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.5598", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55983", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55993", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55973", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2446" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7329", "reference_id": "CVE-2019-7329", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7329" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7329" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1z-g8aw-tqez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94234?format=api", "vulnerability_id": "VCID-qn8h-k43x-p7cs", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58141", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58071", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58029", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57987", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5809", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58258", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58235", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58104", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58247", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.5825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58225", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58203", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58189", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58236", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58241", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2448" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7330", "reference_id": "CVE-2019-7330", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7330" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7330" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qn8h-k43x-p7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94276?format=api", "vulnerability_id": "VCID-qs2j-ektc-2kf9", "summary": "skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8426", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55925", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55899", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55821", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55933", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55955", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55984", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55987", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55997", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55977", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55959", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55995", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55998", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55973", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.559", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.5592", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55896", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55844", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55891", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.5595", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8426" }, { "reference_url": "https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss" }, { "reference_url": "https://www.seebug.org/vuldb/ssvid-97766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.seebug.org/vuldb/ssvid-97766" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8426", "reference_id": "CVE-2019-8426", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8426" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-8426" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qs2j-ektc-2kf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94242?format=api", "vulnerability_id": "VCID-qxmt-szsx-y7a8", "summary": "Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55744", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2454" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7338", "reference_id": "CVE-2019-7338", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7338" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7338" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxmt-szsx-y7a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94252?format=api", "vulnerability_id": "VCID-qxtk-taxx-1kde", "summary": "Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7348", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51845", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51765", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51688", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51738", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51764", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51779", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51776", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51826", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51805", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5179", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51832", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51839", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5182", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5177", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51734", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51683", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51777", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5174", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7348" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2467" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7348", "reference_id": "CVE-2019-7348", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7348" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7348" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxtk-taxx-1kde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94241?format=api", "vulnerability_id": "VCID-t5fd-hvgs-sue7", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.5524", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.5518", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55074", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55175", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55199", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55174", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55223", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55235", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55216", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55236", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55239", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55219", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55154", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55146", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55095", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55137", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55194", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55155", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7337" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2456" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7337", "reference_id": "CVE-2019-7337", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7337" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7337" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5fd-hvgs-sue7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94253?format=api", "vulnerability_id": "VCID-ug2b-2eg5-jfbb", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7349", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55744", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2465" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7349", "reference_id": "CVE-2019-7349", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7349" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7349" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ug2b-2eg5-jfbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94248?format=api", "vulnerability_id": "VCID-ukjs-5za3-xqdb", "summary": "Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7344", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55744", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2455", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2455" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7344", "reference_id": "CVE-2019-7344", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7344" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7344" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukjs-5za3-xqdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94274?format=api", "vulnerability_id": "VCID-v56x-raf9-kydq", "summary": "ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55868", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55808", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55707", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.5582", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55843", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55821", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55872", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55875", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55885", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55865", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55846", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55882", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55887", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.5586", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55805", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.5578", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55722", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55782", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8424" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8424" }, { "reference_url": "https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection" }, { "reference_url": "https://www.seebug.org/vuldb/ssvid-97763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.seebug.org/vuldb/ssvid-97763" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8424", "reference_id": "CVE-2019-8424", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8424" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-8424" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v56x-raf9-kydq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94231?format=api", "vulnerability_id": "VCID-wdng-puzu-5kah", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58141", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58071", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58029", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57987", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.5809", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58258", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58235", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58104", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58247", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.5825", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58225", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58203", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58189", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58209", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58236", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58241", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7327" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2447" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7327", "reference_id": "CVE-2019-7327", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7327" }, { "reference_url": "https://usn.ubuntu.com/5889-1/", "reference_id": "USN-5889-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5889-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7327" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdng-puzu-5kah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94250?format=api", "vulnerability_id": "VCID-xj45-xv47-ruhe", "summary": "A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a \"Try again\" button, which allows resending the failed request, making the CSRF attack successful.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7346", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38818", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38744", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3925", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39273", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39247", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39263", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39274", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39236", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39218", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39271", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39241", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39153", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38945", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38926", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38845", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38721", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38794", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3881", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38722", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2469" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7346", "reference_id": "CVE-2019-7346", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7346" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7346" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xj45-xv47-ruhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94238?format=api", "vulnerability_id": "VCID-y3vt-x7b1-4yer", "summary": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7334", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55769", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55661", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55829", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55837", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55842", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55744", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5573", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55787", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7334" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/issues/2443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ZoneMinder/zoneminder/issues/2443" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724", "reference_id": "922724", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7334", "reference_id": "CVE-2019-7334", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/944009?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943998?format=api", "purl": "pkg:deb/debian/zoneminder@1.34.23-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-4qtk-7myx-vfcd" }, { "vulnerability": "VCID-7vc9-wfjb-t3ba" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-95ub-6q5w-p3cm" }, { "vulnerability": "VCID-9kh5-715y-pud4" }, { "vulnerability": "VCID-d117-rhnc-rkhf" }, { "vulnerability": "VCID-fyy1-fwys-xkbj" }, { "vulnerability": "VCID-j283-1m9p-13hn" }, { "vulnerability": "VCID-jukn-h868-5ugm" }, { "vulnerability": "VCID-kk5d-y2z8-r3g2" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" }, { "vulnerability": "VCID-mk5h-586t-pyga" }, { "vulnerability": "VCID-n8y3-5fb9-kucb" }, { "vulnerability": "VCID-tyu6-8h17-8yh5" }, { "vulnerability": "VCID-uybk-r4q9-gyac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943996?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.33%2Bdfsg1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xuk-942c-kkbf" }, { "vulnerability": "VCID-4mfm-zzrx-6ffb" }, { "vulnerability": "VCID-7x51-uyq2-9qax" }, { "vulnerability": "VCID-mdkd-vmcp-afa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.33%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/944000?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.35%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.35%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943999?format=api", "purl": "pkg:deb/debian/zoneminder@1.36.37%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.36.37%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7334" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3vt-x7b1-4yer" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zoneminder@1.34.6-1%3Fdistro=trixie" }