CVE-2015-5593 – The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags …

31 December 2019

Vuln ID: CVE-2015-5593

Published: 2019-12-31 21:15:11Z

Description: The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<<script></script>script>payload<script></script></script>", or in an image tag, with the payload as the onerror event.

Source: NVD.NIST.GOV

Date:

31 December 2019

Categorie(s):

NVD

Tag(s):

NVD

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam19 May 2024
Week in review: New Black Basta’s social engineering campaign, passing the CISSP exam in 6 weeks19 May 2024
Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide19 May 2024
Enhanced Security for Enterprises: Google Launches Google Threat Intelligence19 May 2024
Hackers Exploiting Docusign With Phishing Attack To Steal Credentials19 May 2024