
CVE-2022-30768: n/a in n/a

Severity: Medium
Type: Vulnerability
Published: Tue Nov 15 2022 (11/15/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a different attack method.

AI-Powered Analysis

Last updated: 06/25/2025, 10:18:06 UTC

Technical Analysis

CVE-2022-30768 is a Stored Cross Site Scripting (XSS) vulnerability identified in ZoneMinder version 1.36.12. ZoneMinder is an open-source video surveillance software platform widely used for security camera management. The vulnerability arises from improper sanitization of the Username field, which allows an attacker to inject malicious HTML or JavaScript code. This malicious code is then stored and executed when an Admin user or any non-Admin user with permission to view other logged-in users clicks on the Logout function. This attack vector differs from the earlier CVE-2019-7348 vulnerability affecting ZoneMinder, requiring a distinct exploitation method. The vulnerability has a CVSS 3.1 base score of 5.4, indicating a medium severity level. The attack complexity is low, requiring only privileges to log in (PR:L) and user interaction (UI:R) to trigger the exploit. The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity but not availability. Specifically, an attacker can execute arbitrary scripts in the context of the victim's browser session, potentially leading to session hijacking, unauthorized actions, or data leakage within the ZoneMinder platform. No known exploits in the wild have been reported, and no official patches or vendor advisories are currently linked. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a common web application security flaw. Given ZoneMinder's role in security monitoring, exploitation could undermine trust in surveillance data and platform integrity.

Potential Impact

For European organizations using ZoneMinder, particularly those managing physical security infrastructure, this vulnerability poses a risk to the confidentiality and integrity of surveillance management operations. An attacker exploiting this flaw could execute malicious scripts that hijack admin sessions or manipulate user data, potentially disabling or altering surveillance configurations unnoticed. This could lead to unauthorized access to sensitive video feeds or logs, undermining security monitoring and incident response. Organizations in critical infrastructure sectors (e.g., transportation, energy, government facilities) relying on ZoneMinder for surveillance are at heightened risk, as compromise could facilitate broader attacks or physical security breaches. Additionally, the vulnerability could be leveraged for lateral movement within internal networks if attackers gain footholds via compromised user sessions. The requirement for user interaction (clicking Logout) limits automated exploitation but does not eliminate risk, especially in environments with many users or where social engineering is feasible. The medium CVSS score reflects moderate impact; however, the strategic importance of surveillance systems in security-sensitive European sectors elevates the practical risk. Lack of patches or mitigations increases exposure duration. Organizations with compliance obligations under GDPR must also consider potential data protection implications if surveillance data confidentiality is compromised.

Mitigation Recommendations

1. Immediate mitigation should include restricting ZoneMinder user privileges to the minimum necessary, especially limiting which users can view other logged-in users and perform logout actions.
2. Implement strict input validation and output encoding on the Username field to prevent injection of malicious scripts; if possible, apply web application firewall (WAF) rules to detect and block suspicious payloads targeting this field.
3. Educate users, particularly administrators, to be cautious when clicking logout links and to report any unusual behavior or interface anomalies.
4. Monitor ZoneMinder logs for unusual activity patterns, such as unexpected logout events or anomalous user behavior, which could indicate exploitation attempts.
5. If feasible, isolate ZoneMinder instances within segmented network zones to limit potential lateral movement from compromised sessions.
6. Regularly check for vendor updates or community patches addressing this vulnerability and apply them promptly once available.
7. Consider deploying Content Security Policy (CSP) headers to restrict execution of unauthorized scripts within the ZoneMinder web interface.
8. Conduct periodic security assessments and penetration tests focusing on web application vulnerabilities to identify and remediate similar issues proactively.
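
Recommendation 2 as an added sketch, not ZoneMinder's own code: an allow-list check at account creation, HTML encoding at output time, and an audit pass over already-stored usernames. The username policy, the function names and the sample user list are assumptions made for illustration.

```python
import html
import re

# Assumed policy (not ZoneMinder's own rule): letters, digits, dot, underscore,
# at-sign and hyphen, 1 to 32 characters.
USERNAME_OK = re.compile(r"[A-Za-z0-9._@-]{1,32}")
# Characters that change meaning in HTML text or attribute context.
HTML_META = set("<>&\"'")


def validate_username(name: str) -> bool:
    """Allow-list check applied when an account is created or renamed."""
    return USERNAME_OK.fullmatch(name) is not None


def render_user_cell(name: str) -> str:
    """Encode at output time, so a stored value can never become markup."""
    return '<td class="user">' + html.escape(name, quote=True) + "</td>"


def audit_usernames(names):
    """Return (name, offending characters) for stored names that fail the policy."""
    findings = []
    for name in names:
        if not validate_username(name):
            bad = sorted(set(name) & HTML_META)
            findings.append((name, "".join(bad)))
    return findings


# Constructed sample data standing in for an export of the user table.
SAMPLE_USERS = ["admin", "ops.team", "cam<b>viewer</b>", 'guest" title="x']

if __name__ == "__main__":
    for name, bad in audit_usernames(SAMPLE_USERS):
        print(f"review account {name!r}: HTML metacharacters {bad!r}")
    print(render_user_cell(SAMPLE_USERS[2]))
```

Validation alone does not cover names stored before the policy existed, which is why the encoding step is applied on every render and the audit is run over existing accounts.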


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-05-16T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983bc4522896dcbedb5b

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 6/25/2025, 10:18:06 AM

Last updated: 7/30/2025, 8:17:00 PM
