CVE-2006-3032

Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP Photo Gallery 1.05 and earlier, and possibly 2.0 (trial), allow remote attackers to inject arbitrary web script or HTML via the (1) catname and (2) total parameters in (a) displaypic.asp, and the (3) catname parameter in (b) displaythumbs.asp.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/20604	Vendor Advisory
http://www.osvdb.org/26398
http://www.osvdb.org/26399
http://pridels0.blogspot.com/2006/06/xtreme-asp-photo-gallery-xss-vuln.html
http://www.vupen.com/english/advisories/2006/2292
https://exchange.xforce.ibmcloud.com/vulnerabilities/27033

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pensacola_web_designs:xtreme_asp_photo_gallery:1.05:::::::*
	cpe:2.3:a:pensacola_web_designs:xtreme_asp_photo_gallery:2.0:::::::*

Information

Published : 2006-06-15 03:02

Updated : 2017-07-19 18:31

NVD link : CVE-2006-3032

Mitre link : CVE-2006-3032

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

pensacola_web_designs

xtreme_asp_photo_gallery

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/20604", "name": "20604", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/26398", "name": "26398", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/26399", "name": "26399", "tags": [], "refsource": "OSVDB"}, {"url": "http://pridels0.blogspot.com/2006/06/xtreme-asp-photo-gallery-xss-vuln.html", "name": "http://pridels0.blogspot.com/2006/06/xtreme-asp-photo-gallery-xss-vuln.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.vupen.com/english/advisories/2006/2292", "name": "ADV-2006-2292", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27033", "name": "xtremeasp-displaypic-xss(27033)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP Photo Gallery 1.05 and earlier, and possibly 2.0 (trial), allow remote attackers to inject arbitrary web script or HTML via the (1) catname and (2) total parameters in (a) displaypic.asp, and the (3) catname parameter in (b) displaythumbs.asp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3032", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-06-15T10:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pensacola_web_designs:xtreme_asp_photo_gallery:1.05:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pensacola_web_designs:xtreme_asp_photo_gallery:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:31Z"}