CVE-2006-6188

CVE-2006-6188 is a Cross-site Scripting (XSS) vulnerability in ClickTech Click Gallery (view_search.asp) that can be exploited via the txtKeyWord parameter to inject arbitrary script/HTML. Affected: ClickTech Click Gallery; vulnerable component: view_search.asp. Root cause: improper neutralizatio...

CVE-2007-3412

The CVE-2007-3412 entry describes a cross-site scripting (XSS) vulnerability in ClickGallery Server 5.1 and earlier, exposed via the from parameter of edit_image.asp. The affected component is the server-side edit_image.asp handling input parameters, with the root cause being insufficient sanitiz...

CVE-2006-3026

CVE-2006-3026 involves multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5.0 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via two parameters: (1) gallery_id in gallery.asp and (2) parentcurrentpage in view_gallery.asp. Affected product li...

CVE-2007-3411

ClickGallery Server 5.1 and earlier is affected by an SQL injection in edit_image.asp, exploitable via the image_id parameter. Root cause: improper handling of image_id enabling arbitrary SQL execution. Impact is described as partial confidentiality/integrity/availability (CVSS2 base 7.5, HIGH, n...

CVE-2006-6187

CVE-2006-6187 involves multiple SQL injection vulnerabilities in ClickTech Click Gallery. The affected components are the web-facing scripts: view_gallery.asp (parameters: currentpage, gallery_id), download_image.asp (parameter: image_id), gallery.asp (parameter: orderby), and view_recent.asp (pa...