CVE-2012-2641 - Suicidal Cents

Description

Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library.

Reference

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000065 http://jvn.jp/en/jp/JVN59842447/index.html http://www.zenphoto.org/news/zenphoto-1.4.3