2 matches found
CVE-2015-7708
Cross-site scripting XSS vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the catdescription parameter in an updatecat action to admin/categories.php...
CVE-2015-7708
4images is affected (versions 1.7.11 and earlier) by an XSS vulnerability that allows an attacker to inject arbitrary web script or HTML through the cat_description parameter in an updatecat action to admin/categories.php. The issue is caused by insufficient input sanitization in the updatecat fl...