CVE-2014-9236

Name of the Vulnerable Software and Affected Versions Zoph versions 0.9.1 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the photographer id or crumb parameter in the php/edit photos.php file.

Recommendations For Zoph versions 0.9.1 and earlier, as a temporary workaround, consider restricting access to the php/edit photos.php file until a patch is available. Avoid using the photographer id and crumb parameters in the affected file until the issue is resolved.