CVE-2012-4519

Name of the Vulnerable Software and Affected Versions Zenphoto versions prior to 1.4.3.4

Description The issue concerns a cross-site scripting (XSS) vulnerability in the date parameter of the admin-news-articles.php file. This allows for potential malicious script injection. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For versions prior to 1.4.3.4, update to version 1.4.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin-news-articles.php file or avoiding the use of the date parameter until the update is applied.