PT-2010-4237 · Tcw · Tcw Php Album

Published

2010-07-13

Updated

2017-08-17

CVE-2010-2715

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions TCW PHP Album version 1.0

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the album parameter in the photos/index.php file.

Recommendations For TCW PHP Album version 1.0, consider validating and sanitizing user input for the album parameter to prevent XSS attacks. As a temporary workaround, restrict access to the photos/index.php file until a proper fix is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2010-2715

Affected Products

Tcw Php Album

PT-2010-4237 · Tcw · Tcw Php Album

CVE-2010-2715

Weakness Enumeration

Related Identifiers

Affected Products

References · 6