CVE-2015-5594

The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string.

Date published : 2017-07-25

http://www.zenphoto.org/news/zenphoto-1.4.9

http://cve.killedkenny.io/cve/CVE-2015-5594