Description
Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by SecurityTracker.com · textwebappscgi
https://www.exploit-db.com/exploits/22051
exploitdb
WRITEUP
VERIFIED
by SecurityTracker.com · textwebappscgi
https://www.exploit-db.com/exploits/22050
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10718
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1005681
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103842773205148&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6265
Scores
EPSS
0.0067
EPSS Percentile
71.6%
Details
Status
published
Products (5)
bizdesign/imagefolio
2.23
bizdesign/imagefolio
2.24
bizdesign/imagefolio
2.26
bizdesign/imagefolio
2.27
bizdesign/imagefolio
3.0.1
Published
Dec 11, 2002
Tracked Since
Feb 18, 2026