CVE-2006-2397 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.

Reference

http://secunia.com/advisories/20095 http://securityreason.com/securityalert/906 http://www.osvdb.org/25497 http://www.osvdb.org/25498 http://www.osvdb.org/25499 http://www.securityfocus.com/archive/1/433936/100/0/threaded http://www.securityfocus.com/bid/17967 http://www.vupen.com/english/advisories/2006/1806 https://exchange.xforce.ibmcloud.com/vulnerabilities/26426