zoneminder:edge is vulnerable to Cross Site Scripting (XSS). It exists in ZoneMinder, allowing an attacker to execute HTML or JavaScript code via a vulnerable ‘username’ parameter value in the view user (user.php) because proper filtration is omitted.