Description
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2022-21360 Vulnerability (CVE-2022-21360)
OpenVPN AS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-2692)
Oracle JRE CVE-2013-5820 Vulnerability (CVE-2013-5820)
WordPress Plugin Media Library Assistant SQL Injection (3.05)
WordPress Plugin Easy Preloader Cross-Site Scripting (1.0.0)