Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto prior to 1.4.5.4 allows remote malicious users to inject arbitrary web script or HTML via the URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zenphoto zenphoto |
||
zenphoto zenphoto 1.4.5.1 |
||
zenphoto zenphoto 1.4.5.2 |
||
zenphoto zenphoto 1.4.5 |