6.8
CVSSv2

CVE-2006-2187

Published: 04/05/2006 Updated: 18/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.

Affected Products

Vendor Product Versions
ZenphotoZenphoto0.9, 1.0.1 Beta, 1.0 Beta

Exploits

source: wwwsecurityfocuscom/bid/17779/info Zenphoto is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site Thi ...
source: wwwsecurityfocuscom/bid/17779/info Zenphoto is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site T ...