Cross-Site Scripting Vulnerability in Zenphoto Web Application
CVE-2009-4562

Currently unrated

Key Information:

Vendor: Zenphoto
Status: Zenphoto
Vendor: CVE Published:; 4 January 2010

What is CVE-2009-4562?

The vulnerability located in zp-core/admin.php of Zenphoto version 1.2.5 enables remote attackers to exploit a cross-site scripting (XSS) flaw. By manipulating the 'from' parameter, an attacker can inject arbitrary web script or HTML, potentially leading to unauthorized actions on behalf of users or revealing sensitive information. Proper input validation and sanitization are critical for mitigating the risks associated with such vulnerabilities.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/51781

vdb-entryx_refsource_XF

http://osvdb.org/55922

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/35863

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 4, 2010
Vulnerability Reserved
Jan 4, 2010

JSON