Cross-Site Scripting Vulnerability in ZenPhoto by ZenPhoto Team
CVE-2015-2949

Currently unrated

Key Information:

Vendor: Zenphoto
Status: Zenphoto
Vendor: CVE Published:; 31 May 2015

What is CVE-2015-2949?

A cross-site scripting (XSS) vulnerability exists in ZenPhoto versions 1.1.3 and earlier, which allows remote attackers to inject arbitrary web scripts or HTML through unspecified vectors. This flaw can be exploited to execute malicious scripts in the context of the user's session, potentially leading to unauthorized actions or the exposure of sensitive data.

References

http://jvn.jp/en/jp/JVN51176150/index.html

third-party-advisoryx_refsource_JVN

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000071

third-party-advisoryx_refsource_JVNDB

http://www.securityfocus.com/bid/74889

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2015
Vulnerability Reserved
Apr 7, 2015

JSON

Zenphoto

What is CVE-2015-2949?

References

Timeline