CVE-2006-2397

Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/17967	Exploit
http://secunia.com/advisories/20095	Vendor Advisory
http://www.osvdb.org/25497
http://www.osvdb.org/25498
http://www.osvdb.org/25499
http://securityreason.com/securityalert/906
http://www.vupen.com/english/advisories/2006/1806
https://exchange.xforce.ibmcloud.com/vulnerabilities/26426
http://www.securityfocus.com/archive/1/433936/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gphotos:gphotos:1.5:::::::*
	cpe:2.3:a:gphotos:gphotos:1.4:::::::*

Information

Published : 2006-05-15 18:02

Updated : 2018-10-18 09:39

NVD link : CVE-2006-2397

Mitre link : CVE-2006-2397

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

gphotos

gphotos

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/17967", "name": "17967", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/20095", "name": "20095", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/25497", "name": "25497", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/25498", "name": "25498", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/25499", "name": "25499", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/906", "name": "906", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/1806", "name": "ADV-2006-1806", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26426", "name": "gphotos-multiple-xss(26426)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/433936/100/0/threaded", "name": "20060513 Gphotos Directory Traversal and Cross Site Scripting", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2397", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-05-16T01:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gphotos:gphotos:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gphotos:gphotos:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:39Z"}