orchardcore is vulnerable to Cross-site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject log entries containing a malicious referrer field into the database logs.
CPE | Name | Operator | Version |
---|---|---|---|
zoneminder:sid | eq | 1.34.21-1 | |
zoneminder:sid | eq | 1.36.7+dfsg1-1 | |
github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81
github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0
github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308
github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v
security-tracker.debian.org/tracker/CVE-2023-25825