CVE-2006-3036 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php and the (2) w (3) h and (4) t parameters in (b) popup.php.

Reference

http://secunia.com/advisories/20652 http://securityreason.com/securityalert/1100 http://www.osvdb.org/26507 http://www.osvdb.org/26508 http://www.securityfocus.com/archive/1/436959/100/0/threaded http://www.securityfocus.com/bid/18414 https://exchange.xforce.ibmcloud.com/vulnerabilities/27127