XSS in Zend Zendto
CVE-2013-6808
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.015 (70.4th percentile) — read the EPSS interpretation.
Affected products
- Zend Zendto — versions 4.00, 4.01, 4.02
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM)