CVE-2006-6936

Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://securityreason.com/securityalert/2148
http://www.securityfocus.com/archive/1/451786/100/0/threaded
http://www.securityfocus.com/bid/21138	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/30327

Configurations

Configuration 1 (hide)

cpe:2.3:a:pensacola_web_designs:xtremeasp_photogallery:2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-01-17 00:28

Updated : 2024-02-04 17:13

NVD link : CVE-2006-6936

Mitre link : CVE-2006-6936

CVE.ORG link : CVE-2006-6936

JSON object : View

Products Affected

pensacola_web_designs

xtremeasp_photogallery

CWE

NVD-CWE-Other

6.8 /10