Cross-Site Scripting Vulnerability in Zenphoto by Zenphoto
CVE-2010-4907

Currently unrated

Key Information:

Vendor: Zenphoto
Status: Zenphoto
Vendor: CVE Published:; 8 October 2011

What is CVE-2010-4907?

In Zenphoto version 1.3, a cross-site scripting (XSS) vulnerability exists in the zp-core/admin.php file. This flaw allows remote attackers to execute arbitrary web scripts or HTML by manipulating the user parameter. This vulnerability can lead to compromised web pages and affect site users. It is essential to update affected installations to mitigate potential risks associated with exploitation.

References

http://secunia.com/advisories/41342

third-party-advisoryx_refsource_SECUNIA

http://packetstormsecurity.org/1009-exploits/zenphoto-sql...

x_refsource_MISC

http://www.securityfocus.com/bid/43021

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2011
Vulnerability Reserved
Oct 7, 2011

JSON