Description

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.

Remediation

References

CVE-2009-4562

Related Vulnerabilities

Ruby Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2011-3624)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1432)

WordPress Plugin Coupon Creator Cross-Site Request Forgery (3.1)

WordPress Plugin Product Import Export for WooCommerce Cross-Site Request Forgery (1.7.4)

WordPress Plugin WP Construction Mode Cross-Site Request Forgery (3.31)

Severity

Medium

Classification

CVE-2009-4562 CWE-707

Tags

Missing Update Known Vulnerabilities