Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gphotos | Gphotos | 1.4 |
References
- http://secunia.com/advisories/20095Vendor Advisory
- http://securityreason.com/securityalert/906
- http://www.osvdb.org/25497
- http://www.osvdb.org/25498
- http://www.osvdb.org/25499
- http://www.securityfocus.com/archive/1/433936/100/0/threaded
- http://www.securityfocus.com/bid/17967Exploit
- http://www.vupen.com/english/advisories/2006/1806
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26426
- http://secunia.com/advisories/20095Vendor Advisory
- http://securityreason.com/securityalert/906
- http://www.osvdb.org/25497
- http://www.osvdb.org/25498
- http://www.osvdb.org/25499
- http://www.securityfocus.com/archive/1/433936/100/0/threaded
FAQ
What is CVE-2006-2397?
CVE-2006-2397 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php...
How severe is CVE-2006-2397?
CVE-2006-2397 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2397?
Check the references section above for vendor advisories and patch information. Affected products include: Gphotos Gphotos.