All errata/sisyphus/ALT-PU-2020-2881-2
ALT-PU-2020-2881-2

Package update zoneminder in branch sisyphus

Version1.34.21-alt1
Task#258557
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (2)

CVE-2020-25729
MEDIUM6.1

ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.

Published: 2020-09-17Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 3.xMEDIUM 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References
CVE-2020-25730
HIGH8.2

Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.

Published: 2024-04-04Modified: 2025-05-27
CVSS 3.xHIGH 8.2
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
References