3 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562...
CVE-2009-4562
Cross-site scripting XSS vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter...
CVE-2009-4562
CVE-2009-4562 is an XSS vulnerability in Zenphoto 1.2.5, specifically in zp-core/admin.php, allowing remote attackers to inject arbitrary web script or HTML via the from parameter. The connected documents corroborate the same flaw in Zenphoto 1.2.5 and note related variants (e.g., CVE-2010-4907 d...