{"api_version":"1","generated_at":"2026-07-17T16:43:35+00:00","cve":"CVE-2006-2955","urls":{"html":"https://cve.report/CVE-2006-2955","api":"https://cve.report/api/cve/CVE-2006-2955.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2955","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2955"},"summary":{"title":"CVE-2006-2955","description":"Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-12 20:06:00","updated_at":"2017-07-20 01:31:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/18379","name":"18379","refsource":"BID","tags":[],"title":"KAPhotoservice Multiple Cross-Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.osvdb.org/26275","name":"26275","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://securitytracker.com/id?1016253","name":"1016253","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - KAPhotoservice Missing Input Validation Permits Cross-Site Scripting Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20521","name":"20521","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"KAPhotoservice Cross-Site Scripting and Script Insertion - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2251","name":"ADV-2006-2251","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/26276","name":"26276","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://pridels0.blogspot.com/2006/06/kaphotoservice-75-vuln.html","name":"http://pridels0.blogspot.com/2006/06/kaphotoservice-75-vuln.html","refsource":"MISC","tags":[],"title":"- UNSECURED SYSTEMS -: KAPhotoservice  <=7.5 vuln.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27073","name":"kaphotoservice-multiple-xss(27073)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2955","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2955","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2955","vulnerable":"1","versionEndIncluding":"7.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaphotoservice","cpe5":"kaphotoservice","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2955","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://pridels0.blogspot.com/2006/06/kaphotoservice-75-vuln.html","refsource":"MISC","url":"http://pridels0.blogspot.com/2006/06/kaphotoservice-75-vuln.html"},{"name":"26276","refsource":"OSVDB","url":"http://www.osvdb.org/26276"},{"name":"1016253","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016253"},{"name":"18379","refsource":"BID","url":"http://www.securityfocus.com/bid/18379"},{"name":"ADV-2006-2251","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2251"},{"name":"kaphotoservice-multiple-xss(27073)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27073"},{"name":"20521","refsource":"SECUNIA","url":"http://secunia.com/advisories/20521"},{"name":"26275","refsource":"OSVDB","url":"http://www.osvdb.org/26275"}]}},"nvd":{"publishedDate":"2006-06-12 20:06:00","lastModifiedDate":"2017-07-20 01:31:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kaphotoservice:kaphotoservice:*:*:*:*:*:*:*:*","versionEndIncluding":"7.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2955","Ordinal":"18275","Title":"CVE-2006-2955","CVE":"CVE-2006-2955","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2955","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2955","Ordinal":"2","NoteData":"2006-06-12","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2955","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}