Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zenphoto zenphoto |
||
zenphoto zenphoto 0.9 |
||
zenphoto zenphoto 1.0_beta |