CVE-2010-4907

2011-10-08T10:55:00
ID CVE-2010-4907
Type cve
Reporter cve@mitre.org
Modified 2018-10-10T20:08:00

Description

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562.