Description

Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.

Remediation

References

CVE-2006-2187

Related Vulnerabilities

WordPress Plugin Traffic Manager Multiple Vulnerabilities (1.4.5)

WordPress Plugin Free Booking for Hotels, Restaurant and Car Rental-eaSYNC Arbitrary File Upload (1.1.15)

PHP Other Vulnerability (CVE-2007-4658)

WordPress Plugin Disqus Comment System Multiple Cross-Site Request Forgery Vulnerabilities (2.77)

MySQL CVE-2024-21199 Vulnerability (CVE-2024-21199)

Severity

Medium

Classification

CVE-2006-2187

Tags

Missing Update Known Vulnerabilities