Cross-site scripting in Zenphoto - CVE-2015-5593

Detailed vulnerability description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via "The sanitize_string function" when wrapping a payload in "<<script></script>script>payload<script></script></script>", or in an image tag, with the payload as the onerror event. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website .

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

How to mitigate CVE-2015-5593

Sources

• http://www.openwall.com/lists/oss-security/2015/07/18/3
• http://www.zenphoto.org/news/zenphoto-1.4.9
• https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/