Description

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.

Remediation

References

CVE-2009-4562

Related Vulnerabilities

WordPress Plugin Download from files Arbitrary File Upload (1.48)

PHP 5.3.9 remote code execution

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.10)

WEBrick v.1.3 directory traversal

Oracle Database Server CVE-2011-0793 Vulnerability (CVE-2011-0793)

Severity

Medium

Classification

CVE-2009-4562 CWE-707

Tags

Missing Update Known Vulnerabilities