CNNVD-202512-3154 Information

CNNVD ID

CNNVD-202512-3154

Related CVE

CVE-2023-53915

• CNNVD Published: 2025-12-17

Description (Chinese)

Zenphoto是Zenphoto开源的一个内容管理系统。 Zenphoto 1.6版本存在跨站脚本漏洞，该漏洞源于专辑描述字段清理不当，可能导致存储型跨站脚本攻击。

Description (English)

Zenphoto is a Zenphoto open source content management system. Version 1.6 of Zenphoto has a cross-site script loophole, which stems from the inappropriate clean-up of the album narrative field and may lead to a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Published

2025-12-17

Last Modified

2026-02-24

References

https://www.zenphoto.org/news/zenphoto-1.6/ https://www.exploit-db.com/exploits/51485 https://www.vulncheck.com/advisories/zenphoto-stored-cross-site-scripting-via-album-description https://access.redhat.com/security/cve/cve-2023-53915