ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and prior versions, which stems from the fact that the program does not validate input or filter output, and can be exploited by remote attackers to inject malicious scripts into a page and execute the script in the user’s browser.