CVE-2024-43359

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 12, 2024

Updated: Sep 4, 2024

CWE ID 79

Summary

CVE-2024-43359 is a newly disclosed cross-site scripting (XSS) vulnerability affecting ZoneMinder, a popular open-source CCTV software application. The issue is located in the montagereview feature and can be exploited through manipulation of the displayinterval, speed, and scale parameters. Attackers can inject malicious scripts into affected systems, potentially gaining unauthorized access to user data or taking control of the application. Users are advised to upgrade to ZoneMinder versions 1.36.34 or 1.37.61 as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ZoneMinder

Affected Vendors

Zoneminder

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xn7-CH
https://www.cve.org/CVERecord?id=CVE-2024-43359
https://nvd.nist.gov/vuln/detail/CVE-2024-43359

Back to Vulnerability Database