Cross-site scripting vulnerability in Zenphoto versions before 1.5.7 allows remote malicious users to inject an arbitrary JavaScript via unspecified vectors.
zenphoto zenphoto