Description
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)
Java Denial of Service (DoS) Vulnerability (CVE-2018-3180)
Serendipity Remote Code Execution (CVE-2020-10964)
WordPress Plugin MetaSlider Cross-Site Scripting (3.17.1)
WordPress Plugin Ceceppa Multilingua Unspecified Vulnerability (1.5.3)