CVE-2006-2955 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp or the (3) cat or (4) albumid parameter to (b) album.asp.

Reference

http://pridels0.blogspot.com/2006/06/kaphotoservice-75-vuln.html http://secunia.com/advisories/20521 http://securitytracker.com/id?1016253 http://www.osvdb.org/26275 http://www.osvdb.org/26276 http://www.securityfocus.com/bid/18379 http://www.vupen.com/english/advisories/2006/2251 https://exchange.xforce.ibmcloud.com/vulnerabilities/27073