Lucene search

[email protected]CVE-2006-1826

HistoryApr 18, 2006 - 10:02 a.m.

CVE-2006-1826

2006-04-1810:02:00

CWE-79

[email protected]

web.nvd.nist.gov

xss

vulnerability

snipe gallery

web script

html

sql injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection.

Affected configurations

NVD

Node

snipegallerysnipe_galleryRange≤3.1.4

CPENameOperatorVersion
snipegallery:snipe_gallerysnipegallery snipe galleryle3.1.4

CPE	Name	Operator	Version
snipegallery:snipe_gallery	snipegallery snipe gallery	le	3.1.4

References

securitytracker.com/id?1015947

www.securityfocus.com/archive/1/431074/100/0/threaded

www.securityfocus.com/archive/1/431123/100/0/threaded

www.securityfocus.com/bid/17543

exchange.xforce.ibmcloud.com/vulnerabilities/25803

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for CVE-2006-1826

cvelist1 prion1 nvd1