Vulnerabilities > CVE-2006-3476 - Cross-Site Scripting vulnerability in PHPWebGallery
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Exploit-Db
description | PHPWebGallery 1.x Comments.PHP Cross-site Scripting Vulnerability. CVE-2006-3476. Webapps exploit for php platform |
id | EDB-ID:28161 |
last seen | 2016-02-03 |
modified | 2006-07-04 |
published | 2006-07-04 |
reporter | iss4m |
source | https://www.exploit-db.com/download/28161/ |
title | PHPWebGallery 1.x Comments.PHP Cross-Site Scripting Vulnerability |
References
- http://secunia.com/advisories/20935
- http://securityreason.com/securityalert/1228
- http://securitytracker.com/id?1016435
- http://www.securityfocus.com/archive/1/439049/100/0/threaded
- http://www.securityfocus.com/bid/18798
- http://www.vupen.com/english/advisories/2006/2669
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27526