{"id":"CVE-2014-9236","details":"Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter.","modified":"2026-04-10T03:44:48.238969Z","published":"2014-12-03T21:59:06Z","references":[{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/129141/Zoph-0.9.1-Cross-Site-Scripting-SQL-Injection.html"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2014/Nov/45"}],"schema_version":"1.7.5"}