Description

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.

Remediation

References

CVE-2009-4562

Related Vulnerabilities

WordPress Plugin Circles Gallery Cross-Site Scripting (1.0.10)

Oracle Database Server CVE-2014-6541 Vulnerability (CVE-2014-6541)

WordPress Plugin SupportFlow Multiple Cross-Site Scripting Vulnerabilities (0.6)

WordPress 4.1.x PHP Object Injection (4.1 - 4.1.32)

Drupal Core 8.8.x Multiple Cross-Site Scripting Vulnerabilities (8.8.0 - 8.8.9)

Severity

Medium

Classification

CVE-2009-4562 CWE-707

Tags

Missing Update Known Vulnerabilities