2019-12-31 20:42:43
mitre
PUBLISHED
Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks.