ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and earlier versions, which stems from the fact that the program is not properly filtered and can be exploited by remote attackers with the ‘Exportfile’ parameter to execute HTML or JavaScript code.