CVE-2006-2955
KAPhotoservice 7.5 and earlier contains multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via the following parameters: (1) New Category (newcategory) or (2) apage to edtalbum.asp, and (3) cat or (4) albumid to album.asp....