Vulnerabilities > Zenphoto > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-08-10 CVE-2008-6925 Cross-Site Scripting vulnerability in Zenphoto 1.1.7
Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature.
network
zenphoto CWE-79
4.3
4.3
2006-05-04 CVE-2006-2187 Cross-Site Scripting vulnerability in Zenphoto
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.
network
zenphoto
6.8
6.8
2006-05-04 CVE-2006-2186 Cross-Site Scripting vulnerability in Zenphoto 0.9/1.0.1Beta/1.0Beta
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
network
low complexity
zenphoto
5.0
5.0