CVE-2006-2397
Summary
| CVE | CVE-2006-2397 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-05-16 01:02:00 UTC |
| Updated | 2018-10-18 16:39:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 25498 | OSVDB | www.osvdb.org | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Gphotos Multiple Input Validation Vulnerabilities | BID | www.securityfocus.com | Exploit |
| 25499 | OSVDB | www.osvdb.org | |
| 25497 | OSVDB | www.osvdb.org | |
| Gphotos Directory Traversal and Cross Site Scripting - CXSecurity.com | SREASON | securityreason.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Secunia - Advisories - GPhotos Cross-Site Scripting and Disclosure of Arbitrary Directories | SECUNIA | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.