Stored Cross-Site Scripting Vulnerability in Zenphoto by Zenphoto Team
CVE-2023-53915

5.1MEDIUM

Key Information:

Vendor

Zenphoto

Status
Zenphoto
Vendor
CVE Published:
17 December 2025

Badges

👾 Exploit Exists

What is CVE-2023-53915?

Zenphoto 1.6 has a stored cross-site scripting (XSS) vulnerability that can be exploited by authenticated users. This vulnerability allows attackers to inject harmful HTML content, such as iframes or script tags, into album descriptions. When other users view these album pages, the injected scripts can execute in their browsers, potentially compromising the security of their sessions and data. Proper validation and sanitization measures are necessary to prevent such injections and protect users from these security risks.

Affected Version(s)

Zenphoto 1.6

References

https://www.exploit-db.com/exploits/51485
exploit
https://www.zenphoto.org/news/zenphoto-1.6/
product
https://www.vulncheck.com/advisories/zenphoto-stored-cros...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mirabbas Ağalarov
JSON
.
CVE-2023-53915 : Stored Cross-Site Scripting Vulnerability in Zenphoto by Zenphoto Team