PT-2006-3926 · Bluecollar · Bluecollar I-Gallery

Publicado

2006-06-15

Atualizado

2017-07-20

CVE-2006-3021

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BlueCollar i-Gallery versions 4.1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the n and d parameters in "login.asp" and the d parameter in "igallery.asp".

Recommendations For BlueCollar i-Gallery versions 4.1 and earlier, consider restricting access to the login.asp and igallery.asp pages until a fix is available. Avoid using the n and d parameters in these pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-3021

Produtos afetados

Bluecollar I-Gallery

PT-2006-3926 · Bluecollar · Bluecollar I-Gallery

CVE-2006-3021

Identificadores relacionados

Produtos afetados

Referências · 6