CVE-2012-0995

Multiple cross-site scripting XSS vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 msg parameter in an external action to zp-core/admin.php, 2 PATHINTO to an unspecified URL, as demonstrated using /1/, 3 PATHINFO to zp-core/admin.php, or 4...