ID CVE-2006-2913
Summary Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php.
References
Vulnerable Configurations
  • cpe:2.3:a:out_of_the_trees_web_design:selectapix:1.31:*:*:*:*:*:*:*
    cpe:2.3:a:out_of_the_trees_web_design:selectapix:1.31:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:P/A:N
refmap via4
bid 18349
misc http://secunia.com/secunia_research/2006-39/advisory/
osvdb
  • 26247
  • 26248
secunia 20134
vupen ADV-2006-2232
xf selectapix-popup-viewalbum-xss(27012)
Last major update 20-07-2017 - 01:31
Published 09-06-2006 - 10:02
Last modified 20-07-2017 - 01:31
Back to Top