Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reflective XSS vulnerability #2436

Closed
QiAnXinCodeSafe opened this issue Jan 23, 2019 · 3 comments
Closed

Reflective XSS vulnerability #2436

QiAnXinCodeSafe opened this issue Jan 23, 2019 · 3 comments

Comments

@QiAnXinCodeSafe
Copy link

Describe Your Environment
-ZoneMinder v1.32.3

Describe the bug
Reflective XSS vulnerability

To Reproduce
ZoneMinder has one reflective XSS vulnerabilities
1.plugin.php line 106
The parameters in the request are accepted at 39 lines, and the page is output at 106 lines without verification.
default
default

Expected behavior
The vulnerability mcan lead to user information leakage, unauthorized operation

Debug Logs


<insert debug logs here, please make sure they are within the ``` quotes so they are formatted properly>

@welcome
Copy link

welcome bot commented Jan 23, 2019

Thanks for opening your first issue here! Just a reminder, this forum is for Bug Reports only. Be sure to follow the issue template!

@mnoorenberghe
Copy link
Contributor

I can confirm the issue:
/zm/index.php?view=plugin&pl=%3Cimg%20src=%22%22%20onerror=%22alert(%27foo%27)%22%20/%3E&mid=1&zid=1

@carnil
Copy link

carnil commented Jan 24, 2019

CVE-2019-6777 was assigned for this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants