Vulnerabilities > Zenphoto > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-05-31 CVE-2015-2949 Cross-Site Scripting vulnerability in Zenphoto
Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
zenphoto CWE-79
4.3
2015-05-31 CVE-2015-2948 Cross-Site Scripting vulnerability in Zenphoto
Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
zenphoto CWE-79
4.3
2012-07-05 CVE-2012-2641 Cross-Site Scripting vulnerability in Zenphoto
Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library.
network
zenphoto CWE-79
4.3
2012-02-21 CVE-2012-0995 Cross-Site Scripting vulnerability in Zenphoto 1.4.2
Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INFO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4) album parameter to zp-core/admin-edit.php.
network
zenphoto CWE-79
4.3
2012-02-21 CVE-2012-0994 SQL Injection vulnerability in Zenphoto 1.4.2
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.
network
zenphoto CWE-89
6.0
2012-02-21 CVE-2012-0993 Code Injection vulnerability in Zenphoto 1.4.2
Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie.
network
zenphoto CWE-94
6.8
2011-10-08 CVE-2010-4907 Cross-Site Scripting vulnerability in Zenphoto 1.3
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
network
zenphoto CWE-79
4.3
2010-01-04 CVE-2009-4564 SQL Injection vulnerability in Zenphoto 1.2.5
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.
network
zenphoto CWE-89
6.8
2010-01-04 CVE-2009-4563 Cross-Site Scripting vulnerability in Zenphoto 1.2.5
Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action.
network
zenphoto CWE-79
4.3
2010-01-04 CVE-2009-4562 Cross-Site Scripting vulnerability in Zenphoto 1.2.5
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.
network
zenphoto CWE-79
4.3