Description
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562.
Remediation
References
Related Vulnerabilities
ownCloud Other Vulnerability (CVE-2012-4389)
WordPress Plugin iLive-Intelligent WordPress Live Chat Support Cross-Site Scripting (1.0.4)
MySQL CVE-2022-21280 Vulnerability (CVE-2022-21280)
WordPress Plugin Social Media Tab Remote Code Execution (1.0.9)
D3.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16044)