CVE-2018-20140 (zenphoto)

Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters.
Source: NIST