XSS in Zoneminder

CVE-2024-43359

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (29.4th percentile) — read the EPSS interpretation.

Affected products

  • Zoneminder — versions < 1.36.34, >= 1.37.0, < 1.37.61

Weakness classification (CWE)

References