{"id":"CVE-2020-25730","details":"Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.","modified":"2026-04-10T04:25:15.131125Z","published":"2024-04-04T08:15:06.283Z","references":[{"type":"FIX","url":"https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zoneminder/zoneminder","events":[{"introduced":"0"},{"fixed":"89913adfa3d10cd67d4afb1bbf42197916fdf3c8"},{"fixed":"9268db14a79c4ccd444c2bf8d24e62b13207b413"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.34.21"}]}}],"versions":["1.32.3","1.34.0","1.34.10","1.34.12","1.34.13","1.34.14","1.34.15","1.34.16","1.34.17","1.34.18","1.34.19","1.34.20","1.34.3","1.34.4","1.34.6","1.34.7","1.34.8","1.34.9","v1.25","v1.26.0","v1.26.1","v1.26.2","v1.26.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25730.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"}]}