CVE-2013-7241

Zenphoto <1.4.5.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.

References (6)

[Exploit] http://openwall.com/lists/oss-security/2013/12/29/1

[Exploit] http://seclists.org/bugtraq/2013/Oct/20

[URL Repurposed] http://www.enkomio.com/Advisory/SOJOBO-ADV-13-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/62815

[Vendor Advisory] http://www.zenphoto.org/news/zenphoto-1.4.5.4

[Mailing List] http://openwall.com/lists/oss-security/2013/12/30/10

Scores

EPSS 0.0050

EPSS Percentile 65.7%

Details

CWE

CWE-79

Status published

Products (5)

zenphoto/zenphoto < 1.4.5.3

zenphoto/zenphoto

n/a/n/a

Published Dec 31, 2013

Tracked Since Feb 18, 2026