CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-3511

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.3%

CVSS Severity

CVSS v2 Score 4.3

References

http://www.securityfocus.com/bid/30546
http://www.securityfocus.com/bid/30546/exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/44433
http://www.securityfocus.com/bid/30546
http://www.securityfocus.com/bid/30546/exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/44433

Products affected by CVE-2008-3511

Softbiz » Image Gallery » Version: Any

cpe:2.3:a:softbiz:image_gallery:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-3511

Products

Pricing

Contact Us