Vulnerabilities > CVE-2006-2052 - Cross-Site Scripting vulnerability in Verosky Media Instant Photo Gallery 1.0

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
verosky-media
exploit available
NVD
Published: 2006-04-26
Updated: 2018-10-18

Summary

Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product.

Vulnerable Configurations

Part Description Count
Application
Verosky_Media
1

Exploit-Db

  • descriptionInstant Photo Gallery 1.0 member.php member Parameter XSS. CVE-2006-2052. Webapps exploit for php platform
    idEDB-ID:27737
    last seen2016-02-03
    modified2006-04-25
    published2006-04-25
    reporterQex
    sourcehttps://www.exploit-db.com/download/27737/
    titleInstant Photo Gallery 1.0 member.php member Parameter XSS
  • descriptionInstant Photo Gallery 1.0 portfolio_photo_popup.php id Parameter XSS. CVE-2006-2052 . Webapps exploit for php platform
    idEDB-ID:27739
    last seen2016-02-03
    modified2006-04-25
    published2006-04-25
    reporterQex
    sourcehttps://www.exploit-db.com/download/27739/
    titleInstant Photo Gallery 1.0 portfolio_photo_popup.php id Parameter XSS

References