Vulnerabilities > CVE-2006-3036 - Cross-Site Scripting vulnerability in Andy Mack 35Mmslidegallery 6.0

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
andy-mack
exploit available
NVD
Published: 2006-06-15
Updated: 2018-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php, and the (2) w, (3) h, and (4) t parameters in (b) popup.php.

Vulnerable Configurations

Part Description Count
Application
Andy_Mack
1

Exploit-Db

  • descriptionAndy Mack 35mm Slide Gallery 6.0 popup.php Multiple Parameter XSS. CVE-2006-3036. Webapps exploit for php platform
    idEDB-ID:28021
    last seen2016-02-03
    modified2006-06-13
    published2006-06-13
    reporterblack-cod3
    sourcehttps://www.exploit-db.com/download/28021/
    titleAndy Mack 35mm Slide Gallery 6.0 popup.php Multiple Parameter XSS
  • descriptionAndy Mack 35mm Slide Gallery 6.0 index.php imgdir Parameter XSS. CVE-2006-3036. Webapps exploit for php platform
    idEDB-ID:28020
    last seen2016-02-03
    modified2006-06-13
    published2006-06-13
    reporterblack-cod3
    sourcehttps://www.exploit-db.com/download/28020/
    titleAndy Mack 35mm Slide Gallery 6.0 index.php imgdir Parameter XSS

References