CVE-2022-44449

CVSS 6.1 MEDIUMEPSS 0.7%CWE-79

Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Zenphoto · Zenphoto

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/zenphoto/zenphoto https://jvn.jp/en/jp/JVN06093462/index.html https://www.zenphoto.org/