CVE-2005-0928

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.

Published: May 2, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0928
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
photopost / photopost_php_pro	5.02	5.02.x

http://marc.info/?l=bugtraq&m=111205342909640&w=2
http://secunia.com/advisories/14742
http://securitytracker.com/id?1013581
http://www.osvdb.org/15096
http://www.osvdb.org/15097
http://www.osvdb.org/15098

Vulnerability Database

289,871

CVE-2005-0928