Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
Published: 2013-12-28T04:53:06.617
Last modified: 2025-04-11T00:51:21.963
Status: Deferred
CVSSv2: 4.3 (MEDIUM)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability score: 8.6
Impact score: 2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | zend | zendto | ≤ 4.11-12 | Yes |
Application | zend | zendto | 4.00 | Yes |
Application | zend | zendto | 4.01 | Yes |
Application | zend | zendto | 4.02 | Yes |
Application | zend | zendto | 4.03-3 | Yes |
Application | zend | zendto | 4.05-2 | Yes |
Application | zend | zendto | 4.06-2 | Yes |
Application | zend | zendto | 4.07-1 | Yes |
Application | zend | zendto | 4.08-4 | Yes |
Application | zend | zendto | 4.09-1 | Yes |
Application | zend | zendto | 4.10-4 | Yes |
Application | zend | zendto | 4.10-5 | Yes |
Application | zend | zendto | 4.11-1 | Yes |
Application | zend | zendto | 4.11-2 | Yes |
Application | zend | zendto | 4.11-3 | Yes |
Application | zend | zendto | 4.11-4 | Yes |
Application | zend | zendto | 4.11-5 | Yes |
Application | zend | zendto | 4.11-7 | Yes |
Application | zend | zendto | 4.11-8 | Yes |
Application | zend | zendto | 4.11-9 | Yes |
Application | zend | zendto | 4.11-10 | Yes |
Application | zend | zendto | 4.11-11 | Yes |