Vulnerabilities > CVE-2006-2187 - Unspecified vulnerability in Zenphoto
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN zenphoto
exploit available
Summary
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.
Vulnerable Configurations
Exploit-Db
description zenphoto 0.9/1.0 index.php Multiple Parameter XSS. CVE-2006-2187. Webapps exploit for php platform id EDB-ID:27796 last seen 2016-02-03 modified 2006-05-02 published 2006-05-02 reporter zone14 source https://www.exploit-db.com/download/27796/ title zenphoto 0.9/1.0 index.php Multiple Parameter XSS description zenphoto 0.9/1.0 i.php a Parameter XSS. CVE-2006-2187. Webapps exploit for php platform id EDB-ID:27795 last seen 2016-02-03 modified 2006-05-02 published 2006-05-02 reporter zone14 source https://www.exploit-db.com/download/27795/ title zenphoto 0.9/1.0 i.php a Parameter XSS
References
- http://www.securityfocus.com/archive/1/432718/100/0/threaded
- http://www.securityfocus.com/archive/1/432718/100/0/threaded
- http://www.securityfocus.com/bid/17779
- http://www.securityfocus.com/bid/17779
- http://zone14.free.fr/advisories/2/
- http://zone14.free.fr/advisories/2/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26219
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26219