Vulnerabilities > CVE-2006-2187 - Cross-Site Scripting vulnerability in Zenphoto
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php. This vulnerability is addressed in the following product release: zenphoto, zenphoto, 1.0.2 beta
Vulnerable Configurations
Exploit-Db
description zenphoto 0.9/1.0 index.php Multiple Parameter XSS. CVE-2006-2187. Webapps exploit for php platform id EDB-ID:27796 last seen 2016-02-03 modified 2006-05-02 published 2006-05-02 reporter zone14 source https://www.exploit-db.com/download/27796/ title zenphoto 0.9/1.0 index.php Multiple Parameter XSS description zenphoto 0.9/1.0 i.php a Parameter XSS. CVE-2006-2187. Webapps exploit for php platform id EDB-ID:27795 last seen 2016-02-03 modified 2006-05-02 published 2006-05-02 reporter zone14 source https://www.exploit-db.com/download/27795/ title zenphoto 0.9/1.0 i.php a Parameter XSS