ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and previous versions, which can be exploited by remote attackers to execute HTML or JavaScript code with the help of the ‘username’ parameter.