2 matches found
CVE-2006-6936
Cross-site scripting XSS vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via 1 the catname parameter to displaypic.asp or 2 the search field. NOTE: vector 1 likely overlaps CVE-2006-3032...
CVE-2006-3032
Multiple cross-site scripting XSS vulnerabilities in Xtreme ASP Photo Gallery 1.05 and earlier, and possibly 2.0 trial, allow remote attackers to inject arbitrary web script or HTML via the 1 catname and 2 total parameters in a displaypic.asp, and the 3 catname parameter in b displaythumbs.asp...