ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and earlier versions, which can be exploited by remote attackers with the ‘newMonitor[V4LCapturesPerFrame]’ parameter to execute HTML or JavaScript code.