Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Configurations
History
21 Nov 2024, 00:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/30546 - Exploit | |
References | () http://www.securityfocus.com/bid/30546/exploit - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/44433 - |
Information
Published : 2008-08-07 20:41
Updated : 2024-11-21 00:49
NVD link : CVE-2008-3511
Mitre link : CVE-2008-3511
CVE.ORG link : CVE-2008-3511
JSON object : View
Products Affected
softbiz
- image_gallery
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')