Zenphoto: >> Zenphoto >> 1.6 Security Vulnerabilities
Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users view the album page.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-12-17
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser context.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-12-17