CVE-2008-2698

Name of the Vulnerable Software and Affected Versions WEBalbum versions 2.0 and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the "add comment" section of WEBalbum. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the comment, id, or category parameters in the photo add-c.php file.

Recommendations For WEBalbum versions 2.0 and earlier, as a temporary workaround, consider restricting access to the photo add-c.php file until a patch is available. Avoid using the comment, id, or category parameters in the affected section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.