Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Multiple Cross-site Scripting Vulnerabilities in ZenPhoto 1.4.14

Related Vulnerabilities: CVE-2018-20140  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="21"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#22">By Date</a>
<a href="24"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="36"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#22">By Thread</a>
<a href="24"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">Multiple Cross-site Scripting Vulnerabilities in ZenPhoto	1.4.14</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Daniel Bishtawi &lt;daniel () netsparker com&gt;


<em>Date</em>: Tue, 8 Jan 2019 12:06:48 +0100


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">Hello,

We are glad to inform you about the vulnerabilities we reported in ZenPhoto
1.4.14.

Here are the details:

Advisory by Netsparker
Name: Multiple Cross-Site Scripting Vulnerabilities in ZenPhoto 1.4.14
Affected Software: ZenPhoto
Affected Versions: 1.4.14
Homepage: <a rel="nofollow" href="http://www.zenphoto.org/">http://www.zenphoto.org/</a>
Vulnerability: Cross-Site Scripting
Severity: Medium
Status: Fixed
CVE-ID: CVE-2018-20140
CVSS Score (3.0):  CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Netsparker Advisory Reference: NS-18-043

For more information and the Technical Details:
<a rel="nofollow" href="https://www.netsparker.com/web-applications-advisories/ns-18-043-cross-site-scripting-in-zenphoto/">https://www.netsparker.com/web-applications-advisories/ns-18-043-cross-site-scripting-in-zenphoto/</a>

Regards,

Daniel Bishtawi
Marketing Administrator | Netsparker Web Application Security Scanner
Tel: +44 (0)20 3588 3843
Follow us on Twitter &lt;<a rel="nofollow" href="https://twitter.com/netsparker">https://twitter.com/netsparker</a>&gt; | LinkedIn
&lt;<a rel="nofollow" href="https://www.linkedin.com/company/netsparker-ltd">https://www.linkedin.com/company/netsparker-ltd</a>&gt; | Facebook
&lt;<a rel="nofollow" href="https://facebook.com/netsparker">https://facebook.com/netsparker</a>&gt;

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="21"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#22">By Date</a>
<a href="24"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="36"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#22">By Thread</a>
<a href="24"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>Multiple Cross-site Scripting Vulnerabilities in ZenPhoto	1.4.14</strong> <em>Daniel Bishtawi (Jan 08)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started