Zoneminder Log Injection / XSS / Cross Site Request Forgery Zoneminder versions prior to 1.37.24 suffers from log injection, persistent cross site scripting, and cross site request forgery bypass vulnerabilities. Leave a ReplyYou must be logged in to post a comment. Filed under: exploit - @ March 28, 2023 12:05 pm