Description

Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.

Remediation

References

CVE-2013-7241

Related Vulnerabilities

Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.6)

MySQL CVE-2021-35647 Vulnerability (CVE-2021-35647)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (6.0.21)

WordPress Plugin WP Gravity Forms Zoho CRM Add-on Cross-Site Scripting (1.1.5)

Drupal Core 9.1.x Directory Traversal (9.1.0 - 9.1.10)

Severity

Medium

Classification

CVE-2013-7241 CWE-707

Tags

Missing Update Known Vulnerabilities