Vulnerabilities > CVE-2006-2750 - Input Validation vulnerability in Open Searchable Image Catalogue

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE

Summary

Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message. Upgrade to version 0.7.0.1

Vulnerable Configurations

Part Description Count
Application
Open_Searchable_Image_Catalogue
1