Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php.
References
Link | Resource |
---|---|
http://jvn.jp/en/jp/JVN69175956/index.html | Vendor Advisory |
http://www.php-factory.net/trivia/16.php | Vendor Advisory |
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000113 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2015-08-22 14:59
Updated : 2015-08-24 09:37
NVD link : CVE-2015-2982
Mitre link : CVE-2015-2982
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
php_kobo
- photo_gallery_cms_free