CVE-2006-6088

Name of the Vulnerable Software and Affected Versions BlueCollar i-Gallery version 3.4

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the n or d parameter in "igallery.asp", or an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in "search.asp".

Recommendations For BlueCollar i-Gallery version 3.4, consider restricting access to the "igallery.asp" and "search.asp" pages until a fix is available. As a temporary workaround, avoid using the n and d parameters in "igallery.asp" and the myquery parameter in "search.asp" to minimize the risk of exploitation.