2 matches found
CVE-2015-5593
The sanitizestring function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting XSS attack by wrapping a payload in "scriptpayload", or in an image tag, with the payload as the onerror event...
CVE-2015-5593
Zenphoto contains a XSS flaw in the sanitize_string function present in versions prior to 1.4.9. Attackers can trigger client-side script execution by injecting payloads into HTML or image tag onerror handlers. The issue is documented across CVE-2015-5593 entries and linked CNVD/CVE records. Reme...