Unrated severityNVD Advisory· Published Dec 17, 2025· Updated Apr 7, 2026
Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field
CVE-2023-53916
Description
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser context.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/51485mitreexploit
- www.vulncheck.com/advisories/zenphoto-stored-cross-site-scripting-via-user-postal-code-fieldmitrethird-party-advisory
- www.zenphoto.org/news/zenphoto-1.6/mitreproduct
News mentions
0No linked articles in our index yet.