CVE-2024-43359 NONE

CVE-2024-43359: XSS vulnerabilities in montagereview

Vendor Zoneminder

Product zoneminder

Weakness CWE-79 · XSS

Published August 12, 2024

Last update August 13, 2024

View on NVD All CVEs

CVSS base score

0.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

What the vulnerability does

01Description

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.

Key dates

02Disclosure timeline

August 12, 2024 CVE published

August 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-43359

Related vulnerabilities

04Related CVE

CVE-2026-5157 code-projects Online Food Ordering System Order order.php cross site scripting CVE-2026-2943 SapneshNaik Student Management System index.php cross site scripting CVE-2024-8017 Cross-site Scripting (XSS) in open-webui/open-webui CVE-2023-30868 WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS) CVE-2024-11196 Multi-column Tag Map <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode

Identifiers

CVE CVE-2024-43359

CWE CWE-79

CVSS 0.0 / NONE

Affected versions

Vendor Zoneminder

Product zoneminder

Affected < 1.36.34

Vendor Zoneminder

Product zoneminder

Affected >= 1.37.0, < 1.37.61