Vulnerability Details CVE-2008-3786
Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064046.html
- http://secunia.com/advisories/31589
- http://www.securityfocus.com/bid/30798
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44614
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064046.html
- http://secunia.com/advisories/31589
- http://www.securityfocus.com/bid/30798
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44614
Products affected by CVE-2008-3786
-
cpe:2.3:a:picturespro:picturespro_photo_cart:3.9