Vuln ID: CVE-2015-5593
Published: 2019-12-31 21:15:11Z
Description: The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<<script></script>script>payload<script></script></script>", or in an image tag, with the payload as the onerror event.
Source: NVD.NIST.GOV