From DHS/US-CERT's National Vulnerability Database
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][cnj] parameter.
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.