Multiple Cross-Site Scripting Vulnerabilities in GPhotos by GPhotos
CVE-2006-2397

Currently unrated

Key Information:

Vendor: Gphotos
Status: Gphotos
Vendor: CVE Published:; 16 May 2006

What is CVE-2006-2397?

GPhotos 1.5 and prior versions are susceptible to multiple cross-site scripting (XSS) vulnerabilities. These flaws permit remote attackers to inject arbitrary web scripts or HTML through the 'rep' parameter in both index.php and diapo.php, or the 'image' parameter in affich.php. There is a potential directory traversal issue that may be leveraged in the exploitation process. Ensuring your GPhotos installation is updated and secure is crucial for protecting against these types of attacks.

References

http://www.securityfocus.com/bid/17967

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2006/1806

vdb-entryx_refsource_VUPEN

http://www.osvdb.org/25499

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2006
Vulnerability Reserved
May 15, 2006

CVE-2006-2397 Data

JSON

Gphotos

What is CVE-2006-2397?

References

Timeline