Description
Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.
Remediation
References
Related Vulnerabilities
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5497)
Django Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33571)
WordPress Plugin Affiliates Manager Multiple Vulnerabilities (2.9.13)
Squid Improper Privilege Management Vulnerability (CVE-2019-12522)