Cross site scripting

2006-04-1810:02:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection.

CPENameOperatorVersion
snipe_galleryle3.1.4

CPE	Name	Operator	Version
	snipe_gallery	le	3.1.4

References

securitytracker.com/id?1015947

www.securityfocus.com/archive/1/431074/100/0/threaded

www.securityfocus.com/archive/1/431123/100/0/threaded

www.securityfocus.com/bid/17543

exchange.xforce.ibmcloud.com/vulnerabilities/25803