CNNVD-202512-3148 Information

CNNVD ID

CNNVD-202512-3148

Related CVE

CVE-2023-53916

• CNNVD Published: 2025-12-17

Description (Chinese)

Zenphoto是Zenphoto开源的一个内容管理系统。 Zenphoto 1.6版本存在跨站脚本漏洞，该漏洞源于用户邮政编码字段清理不当，可能导致存储型跨站脚本攻击。

Description (English)

Zenphoto is a Zenphoto open source content management system. Version 1.6 of Zenphoto has a cross-site script loophole, which stems from the inappropriate clean-up of user postal code fields, which may lead to storage-type cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Zenphoto

Published

2025-12-17

Last Modified

2026-02-24

References

https://www.zenphoto.org/news/zenphoto-1.6/ https://www.vulncheck.com/advisories/zenphoto-stored-cross-site-scripting-via-user-postal-code-field https://www.exploit-db.com/exploits/51485 https://access.redhat.com/security/cve/cve-2023-53916