Description

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.

Remediation

References

CVE-2009-4562

Related Vulnerabilities

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-5320)

Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-27427)

WordPress Plugin WP-Filebase Download Manager Cross-Site Scripting (3.4.4)

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Cross-Site Scripting (5.10.1)

WordPress Plugin LearnPress-WordPress LMS Local File Inclusion (4.2.6.8.2)

Severity

Medium

Classification

CVE-2009-4562 CWE-707

Tags

Missing Update Known Vulnerabilities