CVE-2006-3036

Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php, and the (2) w, (3) h, and (4) t parameters in (b) popup.php.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/20652	Vendor Advisory
http://securityreason.com/securityalert/1100
http://www.osvdb.org/26507
http://www.osvdb.org/26508
http://www.securityfocus.com/archive/1/436959/100/0/threaded
http://www.securityfocus.com/bid/18414	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/27127

Configurations

Configuration 1 (hide)

cpe:2.3:a:andy_mack:35mmslidegallery:6.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-06-15 10:02

Updated : 2024-02-04 16:52

NVD link : CVE-2006-3036

Mitre link : CVE-2006-3036

CVE.ORG link : CVE-2006-3036

JSON object : View

Products Affected

andy_mack

35mmslidegallery

CWE

NVD-CWE-Other

{"id": "CVE-2006-3036", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-06-15T10:02:00.000", "references": [{"url": "http://secunia.com/advisories/20652", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1100", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/26507", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/26508", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/436959/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18414", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27127", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php, and the (2) w, (3) h, and (4) t parameters in (b) popup.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades cross-site scripting (XSS) en 35mmslidegallery 6.0 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a trav\u00e9s (1) del par\u00e1metro imgdir en (a) index.php, y los par\u00e1metros (2) w, (3) h y (4) t en (b) popup.php."}], "lastModified": "2018-10-18T16:45:13.733", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:andy_mack:35mmslidegallery:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B1FFCAC-5652-46BB-8617-AE5A336EA903"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}