ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and earlier versions, which stems from the options.php file not validating the values of ‘WEB_TITLE, HOME_URL’, ’ HOME_CONTENT’ or ‘WEB_CONSOLE_BANNER’ values, a remote attacker could use this vulnerability to execute HTML or JavaScript code.