Zenphoto Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	17779
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 02 2006 12:00AM
Updated:	Oct 13 2006 04:09PM
Credit:	zone14 is credited with the discovery of these vulnerabilities.
Vulnerable:	Zenphoto zenphoto 1.0.2 beta Zenphoto zenphoto 1.0.1 beta Zenphoto zenphoto 1.0 beta Zenphoto zenphoto 0.9
Not Vulnerable:	Zenphoto zenphoto 1.0.3 beta

Zenphoto Multiple Cross-Site Scripting Vulnerabilities

Zenphoto is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Zenphoto versions prior to 1.0.3 are vulnerable to this issue.

Zenphoto Multiple Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues via a web client.

The following example URIs were provided to demonstrate these issues:

• /data/vulnerabilities/exploits/Zenphoto-xss-0502.txt

Zenphoto Multiple Cross-Site Scripting Vulnerabilities

Solution:
The vendor has released version 1.0.2 beta to address these issues.


Zenphoto zenphoto 0.9

• Zenphoto zenphoto-1.0.2b.tar.gz
  http://www.zenphoto.org/files/zenphoto-1.0.2b.tar.gz

Zenphoto zenphoto 1.0 beta

• Zenphoto zenphoto-1.0.2b.tar.gz
  http://www.zenphoto.org/files/zenphoto-1.0.2b.tar.gz

Zenphoto zenphoto 1.0.1 beta

• Zenphoto zenphoto-1.0.2b.tar.gz
  http://www.zenphoto.org/files/zenphoto-1.0.2b.tar.gz

Zenphoto Multiple Cross-Site Scripting Vulnerabilities

References:

• Zenphoto Changelog (Zenphoto)
  
• Zenphoto Homepage (Zenphoto)
  
• zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities (zone14)