Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.
oryginał ENCVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:NPicturespro Photo Cart
APPPicturespro3.9
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje
Powiązane podatności
CVE-2006-6093HIGH7.5ten sam produkt
Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remot...
CVE-2008-3788MEDIUM6.8ten sam produkt
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow...
CVE-2008-1536MEDIUM4.3ten sam produkt
Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows...
CVE-2018-5190CRITICAL9.8ten sam vendor
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary custom...