CVE-2020-25730

Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt