Vulnerabilities > CVE-2006-3265 - Cross-Site Scripting vulnerability in Qdig

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

qdig

NVD

Published: 2006-06-27

Updated: 2017-07-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters.

Vulnerable Configurations

Part	Description	Count
Application	Qdig Qdig Qdig 1.1.3 Qdig Qdig 1.2.0 Qdig Qdig 1.2.1 Qdig Qdig 1.2.2 Qdig Qdig 1.2.3 Qdig Qdig 1.2.4 Qdig Qdig 1.2.5 Qdig Qdig 1.2.6 Qdig Qdig 1.2.7 Qdig Qdig 1.2.8 Qdig Qdig 1.2.9 Qdig Qdig 1.2.9.1 Qdig Qdig 1.2.9.2	13

References

http://qdig.sourceforge.net/News/News2006-06-24-1
http://secunia.com/advisories/20808
http://securityreason.com/securityalert/538
http://www.osvdb.org/26828
http://www.vupen.com/english/advisories/2006/2514
https://exchange.xforce.ibmcloud.com/vulnerabilities/27471