CVE-2023-53915

Sažetak

Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users view the album page.

Reference

https://www.exploit-db.com/exploits/51485
https://www.vulncheck.com/advisories/zenphoto-stored-cross-site-scripting-via-album-description
https://www.zenphoto.org/news/zenphoto-1.6/
https://www.exploit-db.com/exploits/51485

CVSS

Base:	5.4
Impact:	2.5
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

18-12-2025 - 15:15

Objavljeno

17-12-2025 - 23:15