XSS in Zend Zendto

CVE-2013-6808

Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.015 (70.4th percentile)

Affected products

  • Zend Zendto — versions 4.00, 4.01, 4.02
