CVE-2004-1871

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.

Published: Mar 29, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1871
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
photopost / photopost_php_pro	4.0	4.0.x
photopost / photopost_php_pro	3.1	3.1.x
photopost / photopost_php_pro	4.1	4.1.x
photopost / photopost_php_pro	3.3	3.3.x
photopost / photopost_php_pro	4.6	4.6.x
photopost / photopost_php_pro	4.8.1	4.8.1.x
photopost / photopost_php_pro	3.2	3.2.x

http://marc.info/?l=bugtraq&m=108057790723123&w=2
http://secunia.com/advisories/11241
http://securitytracker.com/id?1009571
http://www.gulftech.org/03282004.php
http://www.securityfocus.com/bid/9994
https://exchange.xforce.ibmcloud.com/vulnerabilities/15643

Vulnerability Database

289,782

CVE-2004-1871