Lucene search

[email protected]CVE-2006-1826

HistoryApr 18, 2006 - 10:02 a.m.

CVE-2006-1826

2006-04-1810:02:00

CWE-79

[email protected]

web.nvd.nist.gov

xss

vulnerability

snipe gallery

web script

html

sql injection

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection.

CPENameOperatorVersion
snipegallery:snipe_gallerysnipegallery snipe galleryle3.1.4

CPE	Name	Operator	Version
snipegallery:snipe_gallery	snipegallery snipe gallery	le	3.1.4

References

securitytracker.com/id?1015947

www.securityfocus.com/archive/1/431074/100/0/threaded

www.securityfocus.com/archive/1/431123/100/0/threaded

www.securityfocus.com/bid/17543

exchange.xforce.ibmcloud.com/vulnerabilities/25803

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.7%

JSON

Related for CVE-2006-1826

prion1