CVE-2005-0928 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat (2) password (3) ppuser (4) sort or (5) si parameters to showgallery.php the (6) ppuser (7) sort or (8) si parameters to showmembers.php or (9) the photo parameter to slideshow.php.

Reference

http://marc.info/?l=bugtraq&m=111205342909640&w=2 http://secunia.com/advisories/14742 http://securitytracker.com/id?1013581 http://www.osvdb.org/15096 http://www.osvdb.org/15097 http://www.osvdb.org/15098