CVE-2006-1675

Name of the Vulnerable Software and Affected Versions: PHPWebGallery version 1.4.1

Description: The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is achieved by injecting malicious input via specific parameters to certain PHP files. The vulnerable parameters include cat, num, and search in "category.php", and slideshow, show metadata, and start in "picture.php".

Recommendations: For PHPWebGallery version 1.4.1, consider validating and sanitizing user input for the cat, num, search, slideshow, show metadata, and start parameters in the "category.php" and "picture.php" files to prevent XSS attacks. As a temporary workaround, restrict access to the "category.php" and "picture.php" files until a patch is available.