CVE-2006-3032

Properties

Published: 14.06.2006
Updated: 24.10.2006
Patch available:
Severity: Low
CVSS vector: (AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
Product: Pensacola Web Designs: Xtreme ASP Photo Gallery

Vulnerability description

Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP Photo Gallery 1.05 and earlier, and possibly 2.0 (trial), allow remote attackers to inject arbitrary web script or HTML via the (1) catname and (2) total parameters in (a) displaypic.asp, and the (3) catname parameter in (b) displaythumbs.asp.

References:

http://pridels.blogspot.com/2006/06/xtreme-asp-photo-gallery-xss-vuln.html
FRSIRT: http://www.frsirt.com/english/advisories/2006/2292
SECUNIA: http://secunia.com/advisories/20604
XF: http://xforce.iss.net/xforce/xfdb/27033
OSVDB: http://www.osvdb.org/26398
OSVDB: http://www.osvdb.org/26399