CVE-2008-3881

ZoneMinder <1.23.3 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.

References (4)

[Vendor Advisory] http://secunia.com/advisories/31636

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44725

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/495745/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/30843

Scores

EPSS 0.0029

EPSS Percentile 51.6%

Classification

CWE

CWE-79

Status draft

Affected Products (37)

zoneminder/zoneminder < 1.23.3

zoneminder/zoneminder

... and 22 more

Timeline

Published Sep 02, 2008

Tracked Since Feb 18, 2026