CVE-2006-1760 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php (2) Classic.view/gallery.php (3) Classic.view/detail.php or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php.

Reference

http://marc.info/?l=full-disclosure&m=114472089719033&w=2 http://secunia.com/advisories/19603 http://www.osvdb.org/24491 http://www.osvdb.org/24492 http://www.osvdb.org/24493 http://www.osvdb.org/24494 http://www.securityfocus.com/bid/17449 http://www.vupen.com/english/advisories/2006/1300 https://exchange.xforce.ibmcloud.com/vulnerabilities/25745