Description

Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

Remediation

References

CVE-2022-44449

Related Vulnerabilities

WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-31216)

WordPress Plugin Basic Google Maps Placemarks Cross-Site Scripting (1.10.2)

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2660)

WordPress Plugin ApplyOnline-Application Form Builder and Manager Cross-Site Scripting (1.9.94)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-31805)

Severity

Medium

Classification

CVE-2022-44449 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities