ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability, which stems from the fact that the program is not properly filtered and a remote attacker can execute HTML or JavaScript code with the help of the ‘filter[Query][terms][0][val]’ parameter. The vulnerability can be exploited to execute HTML or JavaScript code.