Description
Three vulnerabilities have been discovered in zenphoto, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
1) Input passed via the "_zp_themeroot" parameter to themes/stopdesign/comment_form/comment_form.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
This vulnerability is confirmed in versions 1.4.1.5 and 1.4.2.1. Other versions may also be affected.
2) Input passed via the "_zp_themeroot" parameter to themes/zenpage/slideshow.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
This vulnerability is confirmed in version 1.4.1.5. Other versions may also be affected.
Successful exploitation of vulnerabilities #1 and #2 requires that "register_globals" is enabled.
3) Input passed via the "X-Forwarded-For" HTTP header to e.g. zp-core/admin.php is not properly sanitised in zp-core/functions.php before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed.
This vulnerability is confirmed in version 1.4.0.3. Other versions may also be affected.
Vulnerable Products
Vulnerable Software: zenphoto 1.x
Solution
Update to version 1.4.2.1, which fixes vulnerabilities #2 and #3. Vulnerability #1 is still confirmed in that version, so edit the source code to ensure that input is properly sanitised.
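The following is an added example, not Zenphoto's own code, of the kind of source-level fix described for vulnerability #3: the "X-Forwarded-For" value is accepted only if it is an IP literal, and everything is HTML-encoded at output. The function names (xff_first_valid_ip, html_out, client_ip_for_display) are hypothetical and the sample requests are constructed.

```php
<?php
// Added example, not Zenphoto code. Function names are hypothetical.

/**
 * Return the first syntactically valid IP address from an X-Forwarded-For
 * header value, or null. The header is client-controlled, so anything that
 * is not an IP literal is discarded rather than stored or displayed.
 */
function xff_first_valid_ip(?string $header): ?string
{
    if ($header === null) {
        return null;
    }
    foreach (explode(',', $header) as $candidate) {
        $candidate = trim($candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return null;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the address string to log or show: forwarded IP if valid, else peer IP. */
function client_ip_for_display(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? 'unknown';
    $forwarded = xff_first_valid_ip($server['HTTP_X_FORWARDED_FOR'] ?? null);
    $label = $forwarded !== null ? "$forwarded (via $peer)" : $peer;
    return html_out($label);
}

// Constructed sample requests.
$samples = [
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.9, 10.0.0.1'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '<b>not an ip</b>'],
    ['REMOTE_ADDR' => '198.51.100.7'],
];
foreach ($samples as $s) {
    echo client_ip_for_display($s), PHP_EOL;
}
```

The same html_out() encoding applies wherever a request-derived value such as "_zp_themeroot" is written into a page.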
CVE
References
http://www.htbridge.ch/advisory/multiple_xss_in_zenphoto.html
Vulnerability Manager Detection
No
IPS Protection