Description
Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2007-0280 Vulnerability (CVE-2007-0280)
WordPress Plugin WP Custom Admin Interface PHP Object Injection (7.28)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Security Bypass (2.9.2)
MySQL CVE-2021-2122 Vulnerability (CVE-2021-2122)
WordPress Plugin YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2)