The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string.
Max CVSS
6.1
EPSS Score
0.46%
Published
2017-07-25
Updated
2017-07-31
1 vulnerabilities found