NVD Vulnerability Detail

CVE-2018-20140

Summary	Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters.
Publication Date	March 22, 2019, 1 a.m.
Registration Date	March 1, 2021, 7:16 p.m.
Last Update	Nov. 21, 2024, 1 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:zenphoto:zenphoto:1.4.14:::::::*

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/151052/ZenPhoto-1.4.14-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
2	http://packetstormsecurity.com/files/151052/ZenPhoto-1.4.14-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
3	http://seclists.org/fulldisclosure/2019/Jan/22	Mailing List Third Party Advisory
4	http://seclists.org/fulldisclosure/2019/Jan/22	Mailing List Third Party Advisory
5	https://github.com/zenphoto/zenphoto/commit/695fb61707e4286b64f6e446c189b449bd07d00a	Patch Third Party Advisory
6	https://github.com/zenphoto/zenphoto/commit/695fb61707e4286b64f6e446c189b449bd07d00a	Patch Third Party Advisory
7	https://github.com/zenphoto/zenphoto/commit/9db85fcf9cc97887b81f34f03dcb180fd74e57da	Patch Third Party Advisory
8	https://github.com/zenphoto/zenphoto/commit/9db85fcf9cc97887b81f34f03dcb180fd74e57da	Patch Third Party Advisory
9	https://www.netsparker.com/web-applications-advisories/ns-18-043-cross-site-scripting-in-zenphoto/	Exploit Third Party Advisory
10	https://www.netsparker.com/web-applications-advisories/ns-18-043-cross-site-scripting-in-zenphoto/	Exploit Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

JVN Vulnerability Information

Zenphoto におけるクロスサイトスクリプティングの脆弱性

Title	Zenphoto におけるクロスサイトスクリプティングの脆弱性
Summary	Zenphoto には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 11, 2018, midnight
Registration Date	April 12, 2019, 10:01 a.m.
Last Update	April 12, 2019, 10:01 a.m.

Affected System

Zenphoto

Zenphoto 1.4.14

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-20140	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20140
2	CVE-2018-20140	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20140
National Vulnerability Database (NVD)
3	CVE-2018-20140	https://nvd.nist.gov/vuln/detail/CVE-2018-20140
4	CVE-2018-20140	https://nvd.nist.gov/vuln/detail/CVE-2018-20140

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html
2	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
Github
1	Follow up…	https://github.com/zenphoto/zenphoto/commit/695fb61707e4286b64f6e446c189b449bd07d00a
2	Follow up…	https://github.com/zenphoto/zenphoto/commit/695fb61707e4286b64f6e446c189b449bd07d00a
3	Some html encoding	https://github.com/zenphoto/zenphoto/commit/9db85fcf9cc97887b81f34f03dcb180fd74e57da
4	Some html encoding	https://github.com/zenphoto/zenphoto/commit/9db85fcf9cc97887b81f34f03dcb180fd74e57da

Change Log

No	Changed Details	Date of change
1	[2019年04月12日] 掲載	April 12, 2019, 10:01 a.m.