CVE-2008-3511

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Configurations

Configuration 1 (hide)

cpe:2.3:a:softbiz:image_gallery:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-08-07 20:41

Updated : 2024-02-04 17:33


NVD link : CVE-2008-3511

Mitre link : CVE-2008-3511

CVE.ORG link : CVE-2008-3511


JSON object : View

Products Affected

softbiz

  • image_gallery
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')