Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated malicious users to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php.