CVE-2006-2955

Name of the Vulnerable Software and Affected Versions KAPhotoservice versions 7.5 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via specific parameters in certain scripts, including the newcategory or apage parameter to the "edtalbum.asp" script, or the cat or albumid parameter to the "album.asp" script.

Recommendations For KAPhotoservice versions 7.5 and earlier, consider restricting access to the "edtalbum.asp" and "album.asp" scripts until a fix is available. As a temporary workaround, avoid using the newcategory, apage, cat, and albumid parameters in the affected scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.