328 matches found
CVE-2023-53916
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...
CVE-2023-53915
Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...
EUVD-2023-60215
Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...
EUVD-2023-60214
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...
CVE-2023-53915
Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...
CVE-2023-53916
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...
CVE-2023-53915
Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...
CVE-2023-53916
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...
CVE-2023-53915 Zenphoto 1.6 Stored Cross-Site Scripting via Album Description
Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...
CVE-2023-53916 Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...
CVE-2023-53916 Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...
CVE-2023-53915 Zenphoto 1.6 Stored Cross-Site Scripting via Album Description
Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...
CVE-2023-53915
Zenphoto 1.6 is affected by a stored cross-site scripting (XSS) vulnerability in album descriptions. The issue allows an authenticated attacker to insert HTML content (e.g., iframe or script tags) in album descriptions, which can execute when users view the affected album page. Public references ...
CVE-2023-53916
CVE-2023-53916 affects Zenphoto 1.6 with a stored cross‑site scripting vulnerability in the user postal code field exposed via the admin-users.php interface. When admin user data imported as HTML is viewed, malicious JavaScript injected into the postal code field can execute in the administrator’...
PT-2025-51953
Name of the Vulnerable Software and Affected Versions Zenphoto version 1.6 Description An authenticated attacker can inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field, which execute...
Zenphoto 跨站脚本漏洞
Zenphoto is a content management system from Zenphoto open source. A cross-site scripting vulnerability exists in Zenphoto version 1.6, which stems from improperly cleared user zip code fields and could lead to a stored cross-site scripting attack...
Zenphoto 跨站脚本漏洞
Zenphoto is a content management system from Zenphoto open source. A cross-site scripting vulnerability exists in Zenphoto version 1.6, which stems from improper cleanup of the album description field and could lead to a stored cross-site scripting attack...
PT-2025-51954
Name of the Vulnerable Software and Affected Versions Zenphoto version 1.6 Description The software contains a stored cross-site scripting issue in the user postal code field. This field is accessible through the 'admin-users.php' interface. When administrators view user information that includes...
EUVD-2018-1420
Malware in sbrugna...
EUVD-2015-5546
Malware in sbrugna...