Description

Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.

Remediation

References

CVE-2006-2187

Related Vulnerabilities

Joomla Configuration Vulnerability (CVE-2008-3228)

WordPress Plugin Email Before Download Unspecified Vulnerability (6.9.3)

Zope Web Application Server Other Vulnerability (CVE-2002-0170)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (9.0.1)

WordPress Plugin Smart Marketing SMS and Newsletters Forms Cross-Site Scripting (1.1.1)

Severity

Medium

Classification

CVE-2006-2187

Tags

Missing Update Known Vulnerabilities