History: Dec 31, 2019 - 8:42 p.m.

CVE-2015-5593

2019-12-31 20:42:46
mitre
www.cve.org

EPSS: 0.001 (Low), percentile: 49.3%

The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in “<<script></script>script>payload<script></script></script>”, or in an image tag, with the payload as the onerror event.
