Multiple cross-site scripting (XSS) vulnerabilities are in deploy/designer/preview.php. Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the “swfloc” or “designrand” parameter.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
digital zoom studio | le | 1.0 |