phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
phpwcms phpwcms 1.9.0