Description

Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.

Remediation

References

CVE-2006-2187

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6730)

PHP Numeric Errors Vulnerability (CVE-2014-3669)

Moodle CVE-2024-25981 Vulnerability (CVE-2024-25981)

WordPress Plugin WP E-Signature Remote Code Execution (1.5.6.5)

Drupal Core 5.x Security Bypass (5.0 - 5.2)

Severity

Medium

Classification

CVE-2006-2187

Tags

Missing Update Known Vulnerabilities