Cross-Site Scripting Vulnerability in Zenphoto by Zenphoto
CVE-2013-7241

Currently unrated

Key Information:

Vendor: Zenphoto
Status: Zenphoto
Vendor: CVE Published:; 31 December 2013

What is CVE-2013-7241?

Zenphoto, a popular web-based photo gallery software, contains a cross-site scripting (XSS) vulnerability in its export function located in the mergedRSS.php file. This security flaw is present in versions prior to 1.4.5.4 and allows remote attackers to inject arbitrary web scripts or HTML through manipulated URIs. Successful exploitation of this vulnerability can lead to unauthorized actions and disclosure of sensitive information on the impacted sites. Users are advised to upgrade to the latest version to mitigate potential threats.

References

http://openwall.com/lists/oss-security/2013/12/30/10

mailing-listx_refsource_MLIST

http://seclists.org/bugtraq/2013/Oct/20

mailing-listx_refsource_BUGTRAQ

http://openwall.com/lists/oss-security/2013/12/29/1

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2013
Vulnerability Reserved
Dec 30, 2013

JSON