Cross-Site Scripting Flaw in Zenphoto Product by Zenphoto
CVE-2015-5592

6.1MEDIUM

Key Information:

Vendor

Zenphoto

Status
Zenphoto
Vendor
CVE Published:
31 December 2019

What is CVE-2015-5592?

The vulnerability involves an incomplete blacklist in the sanitize_string function of Zenphoto, which allows remote attackers to execute cross-site scripting (XSS) attacks. This flaw can be exploited by injecting malicious scripts into web pages viewed by users, compromising user data and leading to further attacks on the web application.

References

http://packetstormsecurity.com/files/132667/ZenPhoto-1.4....
x_refsource_MISC
http://software-talk.org/blog/2015/07/second-order-sql-in...
x_refsource_MISC
http://www.zenphoto.org/news/zenphoto-1.4.9
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.