VYPR
script>payload\", or in an image tag, with","datePublished":"2019-12-31T20:42:46Z","dateModified":"2024-08-06T06:50:03.159Z","publisher":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"author":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"proficiencyLevel":"Expert","about":{"@type":"Thing","@id":"https://nvd.nist.gov/vuln/detail/CVE-2015-5593","name":"CVE-2015-5593","identifier":"CVE-2015-5593","description":"The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in \"<script>payload\", or in an image tag, with the payload as the onerror event.","additionalType":"https://schema.org/SoftwareApplication","sameAs":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5593"]},"keywords":"CVE-2015-5593, Zenphoto Zenphoto, Zenphoto Zenphoto","mentions":[{"@type":"SoftwareApplication","name":"Zenphoto","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Zenphoto"}},{"@type":"SoftwareApplication","name":"Zenphoto","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Zenphoto"}}],"isAccessibleForFree":true},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://portal.vyprsec.ai/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://portal.vyprsec.ai/cves"},{"@type":"ListItem","position":3,"name":"CVE-2015-5593","item":"https://portal.vyprsec.ai/cves/CVE-2015-5593"}]}]}
Unrated severityNVD Advisory· Published Dec 31, 2019· Updated Aug 6, 2024

CVE-2015-5593

CVE-2015-5593

Description

The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "payload", or in an image tag, with the payload as the onerror event.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.