Posted on

CVE-2015-5592 (zenphoto)

Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks.