← back
CVE-2006-2052

CVE-2006-2052

EPSS 1.8%
Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/27737unverifiedexploitdbwww.exploit-db.com/exploits/27739unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/790http://www.osvdb.org/24984http://www.securityfocus.com/archive/1/432022/100/0/threadedhttp://www.securityfocus.com/archive/1/432241/100/0/threadedhttp://www.securityfocus.com/bid/17696