CVE-2005-0928

Properties

Published:
01.05.2005
Updated:
27.09.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:C/A:N/B:N) Approximated
    Product:
    PhotoPost: PhotoPost PHP Pro

    Vulnerability description

    Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.

    References:

    MISC: http://securitytracker.com/id?1013581
    SECUNIA: http://secunia.com/advisories/14742
    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=111205342909640&w=2
    OSVDB: http://www.osvdb.org/15096
    OSVDB: http://www.osvdb.org/15097
    OSVDB: http://www.osvdb.org/15098