CVE-2006-2397

Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/20095	Vendor Advisory
http://securityreason.com/securityalert/906
http://www.osvdb.org/25497
http://www.osvdb.org/25498
http://www.osvdb.org/25499
http://www.securityfocus.com/archive/1/433936/100/0/threaded
http://www.securityfocus.com/bid/17967	Exploit
http://www.vupen.com/english/advisories/2006/1806
https://exchange.xforce.ibmcloud.com/vulnerabilities/26426

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gphotos:gphotos:1.4:::::::*
	cpe:2.3:a:gphotos:gphotos:1.5:::::::*

History

No history.

Information

Published : 2006-05-16 01:02

Updated : 2024-02-04 16:52

NVD link : CVE-2006-2397

Mitre link : CVE-2006-2397

CVE.ORG link : CVE-2006-2397

JSON object : View

Products Affected

gphotos

gphotos

CWE

NVD-CWE-Other

{"id": "CVE-2006-2397", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-05-16T01:02:00.000", "references": [{"url": "http://secunia.com/advisories/20095", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/906", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25497", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25498", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25499", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/433936/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17967", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1806", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26426", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal."}], "lastModified": "2018-10-18T16:39:43.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gphotos:gphotos:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9A226B0-22D0-46FF-BF3A-AF4690CC1C3E"}, {"criteria": "cpe:2.3:a:gphotos:gphotos:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D790E5B-F020-4566-974C-37C60376883C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}