PT-2006-4546 · Photocycle · Photocycle
Published
2006-07-18
·
Updated
2018-10-18
·
CVE-2006-3680
CVSS v2.0
2.6
Low
| Vector | AV:N/AC:H/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Photocycle version 1.0
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the
phpage parameter. This can lead to the execution of malicious code on the victim's browser.Recommendations
For Photocycle version 1.0, avoid using the
phpage parameter in sensitive operations until a fix is available. As a temporary workaround, consider validating and sanitizing all input to the phpage parameter to prevent malicious code injection.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Photocycle