PT-2006-3937 · Xtreme · Xtreme Asp Photo Gallery
Published 2006-06-15 · Updated 2017-07-20 · CVE-2006-3032
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Xtreme ASP Photo Gallery versions 1.05 and earlier
Xtreme ASP Photo Gallery version 2.0 (trial)
Description
The issue allows remote attackers to inject arbitrary web script or HTML via the following parameters: catname and total in displaypic.asp, and catname in displaythumbs.asp.
Recommendations
For Xtreme ASP Photo Gallery versions 1.05 and earlier, consider restricting access to the displaypic.asp and displaythumbs.asp files until a patch is available.
For Xtreme ASP Photo Gallery version 2.0 (trial), avoid using the catname and total parameters on the affected pages until the issue is resolved.
As a temporary workaround, consider validating and sanitizing user input for the catname and total parameters to minimize the risk of exploitation.
Fix
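The following is an added illustration of the temporary workaround described in the recommendations (strict validation of catname and total, plus HTML encoding on output) as it could be written in a classic ASP page such as displaypic.asp; it is not code from Xtreme ASP Photo Gallery or from the vendor's fix, and the allowed character set, length limits and helper names are assumptions.

```vbscript
<%
Option Explicit
' Added example of the workaround above: allowlist validation of the
' catname and total parameters and Server.HTMLEncode on output.
' Illustrative code, not the product's own; the patterns and limits
' below are assumptions.

Sub Reject(msg)
    ' Stop processing with a 400 and a fixed, attacker-independent message.
    Response.Status = "400 Bad Request"
    Response.Write Server.HTMLEncode(msg)
    Response.End
End Sub

Function MatchesPattern(value, pattern)
    Dim re
    Set re = New RegExp
    re.Pattern = pattern
    MatchesPattern = re.Test(value)
End Function

Dim catName, total

' total must be a plain decimal integer of bounded length; a missing or
' repeated parameter (which arrives as "" or "a, b") also fails the check.
total = Request.QueryString("total")
If Not MatchesPattern(total, "^[0-9]{1,6}$") Then Reject "Invalid total parameter."

' catname is limited to an assumed allowlist of characters and a maximum length.
catName = Request.QueryString("catname")
If Not MatchesPattern(catName, "^[A-Za-z0-9 _\-]{1,64}$") Then Reject "Invalid catname parameter."

' Values are still HTML-encoded when echoed, so the output stays safe even
' if the allowlist above is later relaxed.
Response.Write "<h2>Category: " & Server.HTMLEncode(catName) & "</h2>"
Response.Write "<p>Total pictures: " & Server.HTMLEncode(total) & "</p>"
%>
```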
Related Identifiers
Affected Products
Xtreme Asp Photo Gallery