CVE-2013-7241
Zenphoto contains an XSS vulnerability in the export function (zp-core/zp-extensions/mergedRSS.php) that allows remote attackers to inject arbitrary web script or HTML via the URI. Affected versions are Zenphoto prior to 1.4.5.4; the fix is to upgrade to 1.4.5.4 or later. The relevant evidence co...