Description
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser context.
References
- Exploit, Third Party Advisory, VDB Entry
- https://www.vulncheck.com/advisories/zenphoto-stored-cross-site-scripting-via-user-postal-code-field (Exploit, Third Party Advisory)
- Release Notes
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
cpe:2.3:a:zenphoto:zenphoto:1.6:*:*:*:*:*:*:*
EPSS
Percentile: 8%
0.0003
Low
CVSS3: 4.6 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 5.4
github
about 2 months ago
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser context.