CVE-2020-25730

HIGH

Zoneminder < 1.34.21 - XSS

Title source: rule

Description

Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.

References (1)

Core 1

Core References

Patch

https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413

View Patch ZIP pw:eip

Scores

CVSS v3 8.2

EPSS 0.0026

EPSS Percentile 48.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

zoneminder/zoneminder < 1.34.21

Published Apr 04, 2024

Tracked Since Feb 18, 2026