Description

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562.

Remediation

References

CVE-2010-4907

Related Vulnerabilities

Serendipity Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2011-1134)

WordPress Plugin Login as User or Customer Cross-Site Request Forgery (1.9)

Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7892)

WordPress Plugin Data Tables Generator by Supsystic Multiple Vulnerabilities (1.9.91)

WordPress Plugin wpDataTables-WordPress Data Table, Dynamic Tables & Table Charts Multiple Vulnerabilities (1.2.2)

Severity

Medium

Classification

CVE-2010-4907 CWE-707

Tags

Missing Update Known Vulnerabilities