Description

Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2015-2948

Related Vulnerabilities

WordPress Plugin Events Manager Cross-Site Request Forgery (5.9.8.1)

WordPress Plugin File Manager Unspecified Vulnerability (4.1.4)

WordPress Plugin Image Rotator Cross-Site Scripting (1.0)

WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)

WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2016-8610)

Severity

Medium

Classification

CVE-2015-2948 CWE-707

Tags

Missing Update Known Vulnerabilities