Description
Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.
Remediation
References
Related Vulnerabilities
PHP mail function ASCII control character header spoofing vulnerability
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-11201)
Zope Web Application Server Resource Management Errors Vulnerability (CVE-2008-5102)
WordPress Plugin Mail Masta Local File Inclusion (1.0)
Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-5189)