Vulnerabilities > Phpwebgallery > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-16 | CVE-2008-4591 | Cross-Site Scripting vulnerability in PHPwebgallery 1.3.4 Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters. | 4.3 |
| 2008-08-04 | CVE-2008-3451 | Information Exposure vulnerability in PHPwebgallery 1.7.0/1.7.1 PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | 4.0 |
| 2007-09-20 | CVE-2007-5012 | Cross-Site Scripting vulnerability in PHPwebgallery 1.7.0 Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. | 4.3 |
| 2007-02-26 | CVE-2007-1109 | Cross-Site Scripting vulnerability in PHPwebgallery Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. | 4.3 |
| 2006-07-10 | CVE-2006-3476 | Cross-Site Scripting vulnerability in PHPWebGallery Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. network phpwebgallery | 4.3 |
| 2006-04-26 | CVE-2006-2041 | Remote Security vulnerability in PHPwebgallery 1.0/1.4.1/1.5.1 PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. | 5.0 |