CVE-2006-3087 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID (2) aid (3) aname (4) uid and (5) m parameter in (a) common/galleries.asp; (6) aid (7) aname (8) uid (9) m (10) gp and (11) g parameter in (b) common/pupload.asp; and (12) msg (13) fn and (14) gp parameter in (c) common/upload.asp.

Reference

http://pridels0.blogspot.com/2006/06/ezgallery-v15-xss-vuln.html http://secunia.com/advisories/20553 http://www.osvdb.org/26370 http://www.osvdb.org/26371 http://www.osvdb.org/26372 http://www.vupen.com/english/advisories/2006/2298 https://exchange.xforce.ibmcloud.com/vulnerabilities/27066