CVE-2006-6936 - Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inje

CVE-2006-6936

Summary

Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032.

References

http://securityreason.com/securityalert/2148
http://www.securityfocus.com/archive/1/451786/100/0/threaded
http://www.securityfocus.com/bid/21138
https://exchange.xforce.ibmcloud.com/vulnerabilities/30327

Vulnerable Configurations

cpe:2.3:a:pensacola_web_designs:xtremeasp_photogallery:2.0:*:*:*:*:*:*:*
cpe:2.3:a:pensacola_web_designs:xtremeasp_photogallery:2.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 16-10-2018 - 16:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	21138
bugtraq	20061116 Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection
sreason	2148
xf	xtremeasp-displaypicasp-xss(30327)

Last major update

16-10-2018 - 16:29

Published

17-01-2007 - 00:28

Last modified

16-10-2018 - 16:29