ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and earlier versions, which stems from the events.php file displaying the ‘limit’ parameter value without arbitrary output filtering, which can be exploited by remote attackers to execute scripts in the browser used to browser to execute scripts.