Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.Referenceshttp://www.openwall.com/lists/oss-security/2017/02/05/1https://www.foxmole.com/advisories/foxmole-2016-07-05.txt
