Vulnerability Description
Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Searchable Image Catalogue | Open Searchable Image Catalogue | <= 0.7.0.0 |
References
- http://secunia.com/advisories/20341
- http://securityreason.com/securityalert/1014
- http://securitytracker.com/id?1016178
- http://sourceforge.net/forum/forum.php?forum_id=576483
- http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?
- http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt
- http://www.securityfocus.com/archive/1/435380/100/0/threaded
- http://www.securityfocus.com/bid/18169
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26966
- http://secunia.com/advisories/20341
- http://securityreason.com/securityalert/1014
- http://securitytracker.com/id?1016178
- http://sourceforge.net/forum/forum.php?forum_id=576483
- http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?
- http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt
FAQ
What is CVE-2006-2750?
CVE-2006-2750 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or...
How severe is CVE-2006-2750?
CVE-2006-2750 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2750?
Check the references section above for vendor advisories and patch information. Affected products include: Open Searchable Image Catalogue Open Searchable Image Catalogue.