Description

Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.

Remediation

References

CVE-2006-2187

Related Vulnerabilities

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.9)

WordPress Plugin SAM Pro (Free Edition) Local File Inclusion (1.9.6.67)

WordPress Plugin WordPress Comments Import & Export Cross-Site Request Forgery (2.1.10)

WordPress Plugin Auto Publish for Google My Business Cross-Site Scripting (3.3)

Oracle Application Server Other Vulnerability (CVE-2006-5357)

Severity

Medium

Classification

CVE-2006-2187

Tags

Missing Update Known Vulnerabilities