PT-2025-51953 · Zenphoto · Zenphoto

Mirabbas Ağalarov · Published 2025-12-17 · Updated 2025-12-24 · CVE-2023-53915

CVSS v3.1: 4.6 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Zenphoto version 1.6

Description

An authenticated attacker can inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field, which execute when users view the album page. The issue is a stored cross-site scripting condition.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all HTML content entered into the album description field to remove potentially malicious script or iframe tags.
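
One way to apply the temporary workaround above, as an added example that is not Zenphoto's code or its fix: an allowlist sanitizer in PHP (the language Zenphoto is written in) that removes every element not explicitly permitted, which covers script and iframe, before a description is stored. The function names, the allowlists and the sample input are assumptions constructed for illustration.

```php
<?php
// Added example, not Zenphoto code; names and allowlists are assumptions.
const ALLOWED_TAGS  = ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'a'];
const ALLOWED_ATTRS = ['a' => ['href', 'title']];

// Keep only allowlisted elements and attributes below $node.
function clean_node(DOMNode $node): void
{
    // Snapshot the children: the live list changes as nodes are removed.
    foreach (iterator_to_array($node->childNodes, false) as $child) {
        if ($child->nodeType === XML_TEXT_NODE) {
            continue; // text is kept; saveHTML() escapes it on output
        }
        $tag = $child instanceof DOMElement ? strtolower($child->tagName) : '';
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            $node->removeChild($child); // script, iframe, comments: whole subtree
            continue;
        }
        foreach (iterator_to_array($child->attributes, false) as $attr) {
            $name = strtolower($attr->name);
            // Links: only http(s), mailto and site-absolute targets survive.
            $safeHref = $name !== 'href'
                || preg_match('#^(https?://|mailto:|/)#i', trim($attr->value));
            if (!in_array($name, ALLOWED_ATTRS[$tag] ?? [], true) || !$safeHref) {
                $child->removeAttribute($attr->name);
            }
        }
        clean_node($child);
    }
}

function sanitize_album_description(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate malformed user markup
    $doc->loadHTML('<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '</head><body>' . $html . '</body></html>', LIBXML_NONET);
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    clean_node($body);
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample description containing the tag types the advisory names.
$sample = '<p>Summer trip</p><iframe src="https://example.invalid/"></iframe><script></script>';
echo sanitize_album_description($sample), PHP_EOL;
```

Run the sanitizer when the description is saved, and keep HTML-escaping on output wherever the description is rendered in a context that does not need markup.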

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-53915

Affected Products

Zenphoto