2 matches found
CVE-2015-5592
Incomplete blacklist in sanitizestring in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting XSS attacks...
CVE-2015-5592
Zenphoto is affected by CVE-2015-5592 due to an incomplete blacklist in sanitize_string prior to version 1.4.9, enabling remote attackers to conduct cross-site scripting (XSS). The vulnerability affects Zenphoto 1.4.x before 1.4.9. The root cause is improper input validation in the sanitize_strin...