exploitDog

CVE-2023-53915

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 4.6

EPSS Низкий

Описание

Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users view the album page.

Ссылки

https://www.exploit-db.com/exploits/51485
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/zenphoto-stored-cross-site-scripting-via-album-description
Exploit
Third Party Advisory
https://www.zenphoto.org/news/zenphoto-1.6/
Release Notes
https://www.exploit-db.com/exploits/51485
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zenphoto:zenphoto:1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00026

Низкий

4.6 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-4xfc-393r-48h2

CVSS3: 5.4

github

около 2 месяцев назад

Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users view the album page.

EPSS

Процентиль: 7%

0.00026

Низкий

4.6 Medium

CVSS3

Дефекты

CWE-79