CVE-2013-7241

Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.

Date published : 2013-12-31

http://www.securityfocus.com/bid/62815

http://seclists.org/bugtraq/2013/Oct/20