Vulnerabilities > CVE-2006-2187 - Cross-Site Scripting vulnerability in Zenphoto

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
zenphoto
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php. This vulnerability is addressed in the following product release: zenphoto, zenphoto, 1.0.2 beta

Exploit-Db

  • descriptionzenphoto 0.9/1.0 index.php Multiple Parameter XSS. CVE-2006-2187. Webapps exploit for php platform
    idEDB-ID:27796
    last seen2016-02-03
    modified2006-05-02
    published2006-05-02
    reporterzone14
    sourcehttps://www.exploit-db.com/download/27796/
    titlezenphoto 0.9/1.0 index.php Multiple Parameter XSS
  • descriptionzenphoto 0.9/1.0 i.php a Parameter XSS. CVE-2006-2187. Webapps exploit for php platform
    idEDB-ID:27795
    last seen2016-02-03
    modified2006-05-02
    published2006-05-02
    reporterzone14
    sourcehttps://www.exploit-db.com/download/27795/
    titlezenphoto 0.9/1.0 i.php a Parameter XSS