Vulnerabilities > CVE-2006-2052 - Cross-Site Scripting vulnerability in Verosky Media Instant Photo Gallery 1.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Instant Photo Gallery 1.0 member.php member Parameter XSS. CVE-2006-2052. Webapps exploit for php platform id EDB-ID:27737 last seen 2016-02-03 modified 2006-04-25 published 2006-04-25 reporter Qex source https://www.exploit-db.com/download/27737/ title Instant Photo Gallery 1.0 member.php member Parameter XSS description Instant Photo Gallery 1.0 portfolio_photo_popup.php id Parameter XSS. CVE-2006-2052 . Webapps exploit for php platform id EDB-ID:27739 last seen 2016-02-03 modified 2006-04-25 published 2006-04-25 reporter Qex source https://www.exploit-db.com/download/27739/ title Instant Photo Gallery 1.0 portfolio_photo_popup.php id Parameter XSS