CVE-2015-7348
CVE-2015-7348 affects zTree, specifically version 3.5.19.1 (and possibly earlier). The vulnerability is a cross-site scripting (XSS) flaw in the demo/en/asyncData/getNodesForBigData.php handler, triggered via the id parameter. Root cause is improper input handling that allows injection of arbitra...