Cross site scripting

2013-12-3115:16:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.

CPENameOperatorVersion
zenphotole1.4.5.3
zenphotoeq1.4.5.1
zenphotoeq1.4.5.2
zenphotoeq1.4.5

Name	Operator	Version
zenphoto	le	1.4.5.3
zenphoto	eq	1.4.5.1
zenphoto	eq	1.4.5.2
zenphoto	eq	1.4.5

References

openwall.com/lists/oss-security/2013/12/29/1

openwall.com/lists/oss-security/2013/12/30/10

seclists.org/bugtraq/2013/Oct/20

www.enkomio.com/Advisory/SOJOBO-ADV-13-01

www.securityfocus.com/bid/62815

www.zenphoto.org/news/zenphoto-1.4.5.4