PT-2006-3926 · Bluecollar · Bluecollar I-Gallery

Published

2006-06-15

Updated

2017-07-20

CVE-2006-3021

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BlueCollar i-Gallery versions 4.1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the n and d parameters in "login.asp" and the d parameter in "igallery.asp".

Recommendations For BlueCollar i-Gallery versions 4.1 and earlier, consider restricting access to the login.asp and igallery.asp pages until a fix is available. Avoid using the n and d parameters in these pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3021

Affected Products

Bluecollar I-Gallery

PT-2006-3926 · Bluecollar · Bluecollar I-Gallery

CVE-2006-3021

Related Identifiers

Affected Products

References · 6