CVE-2015-5592
Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks.
Date published : 2019-12-31
http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html