CVE-2004-1871 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser (2) password (3) stype (4) perpage (5) sort (6) page (7) si or (8) cat parameters to showmembers.php or the (9) photo name (10) photo description (11) album name or (12) album description fields.

Reference

http://marc.info/?l=bugtraq&m=108057790723123&w=2 http://secunia.com/advisories/11241 http://securitytracker.com/id?1009571 http://www.gulftech.org/03282004.php http://www.securityfocus.com/bid/9994 https://exchange.xforce.ibmcloud.com/vulnerabilities/15643