CVE-2013-6808

Zendto < 4.11-12 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.

References (2)

[Various Sources] http://www.zend.to/changelog.php

[Exploit] https://www.packetlabs.net/cve-2013-6808/

Scores

EPSS 0.0032

EPSS Percentile 54.7%

Details

CWE

CWE-79

Status published

Products (23)

zend/zendto < 4.11-12

zend/zendto

... and 13 more

Published Dec 28, 2013

Tracked Since Feb 18, 2026