CVE-2023-53916
Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser context.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Zenphoto · ZenphotoQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →