CVE-2023-53916

Name of the Vulnerable Software and Affected Versions Zenphoto version 1.6

Description The software contains a stored cross-site scripting issue in the user postal code field. This field is accessible through the 'admin-users.php' interface. When administrators view user information that includes HTML, malicious JavaScript payloads injected into the postal code field can execute in their browser. The vulnerable field is used when importing user information.

Recommendations Sanitize user input for the postal code field in the 'admin-users.php' interface to prevent the injection of malicious HTML or JavaScript code.