Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-53916
Reference:
CVE-2023-53916
Title:
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML malicious JavaScript payloads injected into the postal code field execute in their browser context.