CVE-2015-5593

The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<script>payload", or in an image tag, with the payload as the onerror event.

Date published: 2019-12-31

http://www.openwall.com/lists/oss-security/2015/07/18/3

http://www.zenphoto.org/news/zenphoto-1.4.9