CVE-2006-1675
Published 2006-04-10
Priority: P4 · 14 · low · 2.6 (CVSS 2.0)
CVSS vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.85% (76.5th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpwebgallery | phpwebgallery | — | — |
GHSA
GHSA-j8rh-p6q9-p556: Cross-site scripting (XSS) vulnerability in search
ghsa_unreviewed·2022-05-01·CVSS 2.6
CVE-2006-1674 [LOW] GHSA-j8rh-p6q9-p556: Cross-site scripting (XSS) vulnerability in search
Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675.
GHSA
GHSA-vjmr-wrvf-m733: Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1
ghsa_unreviewed·2022-05-01·CVSS 2.6
CVE-2006-1675 [LOW] GHSA-vjmr-wrvf-m733: Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1
Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674.
No detection rules found.
Exploit-DB
PHPWebGallery 1.4.1 - 'category.php' Cross-Site Scripting
exploitdb·2006-04-10
CVE-2006-1675 PHPWebGallery 1.4.1 - 'category.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17421/info
PHPWebGallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/phpwebgallery_dir/category.php?cat=">[xss]
http://www.example.com/phpwebgallery_dir/category.php?cat=">[xss]&num=0
http://www.example.com/phpwebgallery_dir/category.php?cat=1&num=">[xss]
http://www.example.com/phpwebgallery_dir/catego
Exploit-DB
PHPWebGallery 1.4.1 - 'picture.php' Cross-Site Scripting
exploitdb·2006-04-10
CVE-2006-1675 PHPWebGallery 1.4.1 - 'picture.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/17421/info
PHPWebGallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/phpwebgallery_dir/picture.php?cat=1&image_id=1&slideshow=">[xss]
http://www.example.com/phpwebgallery_dir/picture.php?cat=1&image_id=1&show_metadata=">[xss]
http://www.example.com/phpwebgallery_dir/picture.php?cat=1&image_id=1&start=">[
No writeups or analysis indexed.
http://secunia.com/advisories/19610
http://www.securityfocus.com/archive/1/430481/100/0/threaded
http://www.securityfocus.com/bid/17421
http://www.vupen.com/english/advisories/2006/1301
https://exchange.xforce.ibmcloud.com/vulnerabilities/25733
Published: 2006-04-10