Browse all 7 CVE security advisories affecting Zenphoto. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Zenphoto serves as a self-hosted gallery and content management system focused on media organization and display. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with seven CVEs documented. Security researchers have identified input validation weaknesses and improper access controls as recurring problems. While no major public security incidents have been widely reported, the consistent discovery of critical vulnerabilities highlights the importance of regular updates and hardening for deployments handling sensitive content. The application's open-source nature allows for community scrutiny but also exposes potential attack surfaces that require careful configuration.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-53916 | Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field — Zenphoto (CWE-79) | 4.6 | Medium | 2025-12-17 |
| CVE-2023-53915 | Zenphoto 1.6 Stored Cross-Site Scripting via Album Description — Zenphoto (CWE-79) | 4.6 | Medium | 2025-12-17 |
| CVE-2022-44449 | ZenPhoto Cross-Site Scripting Vulnerability — Zenphoto | 4.8 | - | 2022-12-21 |
| CVE-2020-5593 | ZenPhoto Injection Vulnerability — Zenphoto | 8.8 | - | 2020-06-11 |
| CVE-2020-5592 | ZenPhoto Cross-Site Scripting Vulnerability — Zenphoto | 6.1 | - | 2020-06-11 |
| CVE-2012-4519 | ZenPhoto Cross-Site Scripting Vulnerability — Zenphoto | 6.1 | - | 2020-02-11 |
| CVE-2018-0610 | Zenphoto Security Vulnerability — Zenphoto | 7.2 | - | 2018-06-26 |
This page lists every published CVE security advisory associated with Zenphoto. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.