RSS   Vulnerabilities for 'Photostand'   RSS

2007-02-26
 
CVE-2007-1102

CWE-Other
 

 
Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.

 
 
CVE-2007-1101

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top