CVE-2006-2955 - Cross-Site Scripting vulnerability in KAPhotoservice

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, kaphotoservice, exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp.

Vulnerable Configurations

Part          Description      Count
Application   Kaphotoservice   1

Exploit-Db

  • description: KAPhotoservice 7.5 album.asp cat Parameter XSS. CVE-2006-2955. Webapps exploit for asp platform
    id: EDB-ID:28002
    last seen: 2016-02-03
    modified: 2006-06-09
    published: 2006-06-09
    reporter: r0t
    source: https://www.exploit-db.com/download/28002/
    title: KAPhotoservice 7.5 album.asp cat Parameter XSS
  • description: KAPhotoservice 7.5 edtalbum.asp Multiple Parameter XSS. CVE-2006-2955. Webapps exploit for asp platform
    id: EDB-ID:28004
    last seen: 2016-02-03
    modified: 2006-06-09
    published: 2006-06-09
    reporter: r0t
    source: https://www.exploit-db.com/download/28004/
    title: KAPhotoservice 7.5 edtalbum.asp Multiple Parameter XSS
  • description: KAPhotoservice 7.5 albums.asp albumid Parameter XSS. CVE-2006-2955. Webapps exploit for asp platform
    id: EDB-ID:28003
    last seen: 2016-02-03
    modified: 2006-06-09
    published: 2006-06-09
    reporter: r0t
    source: https://www.exploit-db.com/download/28003/
    title: KAPhotoservice 7.5 albums.asp albumid Parameter XSS