CVE-2017-5367

Name: CVE-2017-5367
Creator: NVD / NIST
Published: 2017-02-06T17:59:00.5+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.00%

Last modified Jun 17, 2026

CVE-2017-5367 is a vulnerability of currently unknown severity. Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).. EPSS estimates a 2.00% chance of exploitation in the next 30 days.

Description

Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).

Metrics

EPSS Probability

2.00%

78.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Zoneminder	Zoneminder	1.29.0
Zoneminder	Zoneminder	1.30.0

References

http://seclists.org/bugtraq/2017/Feb/6Exploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2017/Feb/11Exploit, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/96120
http://seclists.org/bugtraq/2017/Feb/6Exploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2017/Feb/11Exploit, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/96120

Timeline

Published: Feb 6, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-5367?

How severe is CVE-2017-5367?

Severity scoring for CVE-2017-5367 is pending analysis. The EPSS model estimates a 2.00% probability of exploitation in the next 30 days.

How do I fix CVE-2017-5367?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-5367?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST