CVE-2013-6808

Name of the Vulnerable Software and Affected Versions ZendTo versions prior to 4.11-13

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by modifying the emailAddr field in the pickup.php endpoint.

Recommendations For versions prior to 4.11-13, update to version 4.11-13 or later to resolve the issue. As a temporary workaround, consider restricting access to the pickup.php endpoint to minimize the risk of exploitation. Avoid using the emailAddr field in the affected endpoint until the issue is resolved.