CVE-2012-0995

Name: CVE-2012-0995
Creator: NVD / NIST
Published: 2012-02-21T13:31:45.72+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.43%

Last modified Jun 16, 2026

CVE-2012-0995 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INTO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4) album parameter to zp-core/admin-edit.php.. EPSS estimates a 1.43% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INTO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4) album parameter to zp-core/admin-edit.php.

Metrics

EPSS Probability

1.43%

69.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Zenphoto	Zenphoto	1.4.2

References

http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.htmlExploit
http://secunia.com/advisories/47875Vendor Advisory
http://www.securityfocus.com/bid/51916Exploit
http://www.zenphoto.org/news/zenphoto-1.4.2.1
http://www.zenphoto.org/trac/changeset/8994Exploit, Patch
http://www.zenphoto.org/trac/changeset/8995Exploit, Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/73083
https://www.htbridge.ch/advisory/HTB23070Exploit
http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.htmlExploit
http://secunia.com/advisories/47875Vendor Advisory
http://www.securityfocus.com/bid/51916Exploit
http://www.zenphoto.org/news/zenphoto-1.4.2.1
http://www.zenphoto.org/trac/changeset/8994Exploit, Patch
http://www.zenphoto.org/trac/changeset/8995Exploit, Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/73083
https://www.htbridge.ch/advisory/HTB23070Exploit

Timeline

Published: Feb 21, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-0995?

How severe is CVE-2012-0995?

Severity scoring for CVE-2012-0995 is pending analysis. The EPSS model estimates a 1.43% probability of exploitation in the next 30 days.

How do I fix CVE-2012-0995?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-0995?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST