CVE-2024-43359
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Aug 12, 2024
Updated: Sep 4, 2024
CWE ID 79
Summary
CVE-2024-43359 is a newly disclosed cross-site scripting (XSS) vulnerability affecting ZoneMinder, a popular open-source CCTV software application. The issue is located in the montagereview feature and can be exploited through manipulation of the displayinterval, speed, and scale parameters. Attackers can inject malicious scripts into affected systems, potentially gaining unauthorized access to user data or taking control of the application. Users are advised to upgrade to ZoneMinder versions 1.36.34 or 1.37.61 as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- ZoneMinder
Affected Vendors
- Zoneminder