icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

All Enthusiast PhotoPost PHP Pro < 4.8.6 Multiple XSS

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is running All Enthusiast PhotoPost PHP, a web-based gallery application. The remote version of this software is prone to multiple cross-site scripting vulnerabilities. This may allow an attacker to steal authentication credentials.

Solution

Upgrade to version 4.8.6 or higher.