Zenphoto · Zenphoto · CVE-2015-2948
**Name of the Vulnerable Software and Affected Versions**
Zenphoto versions prior to 1.4.8
**Description**
A cross-site scripting (XSS) issue exists in the image processor, allowing remote attackers to inject arbitrary web script or HTML.
**Recommendations**
For versions prior to 1.4.8, update to version 1.4.8 or later to resolve the issue.