Description
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Zielke Specialized Catalog Arbitrary File Upload (3.0.7)
Plone CMS Resource Management Errors Vulnerability (CVE-2012-5496)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2100)
MySQL CVE-2013-1552 Vulnerability (CVE-2013-1552)
WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (4.6.12)