Description

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.

Remediation

References

CVE-2009-4562

Related Vulnerabilities

WordPress Plugin WP DSGVO Tools (GDPR) Unspecified Vulnerability (3.1.26)

Dolibarr Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2020-35136)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.39)

WordPress Plugin Visitor Traffic Real Time Statistics Cross-Site Request Forgery (1.12)

SugarCRM Other Vulnerability (CVE-2005-0266)

Severity

Medium

Classification

CVE-2009-4562 CWE-707

Tags

Missing Update Known Vulnerabilities