CVE-2004-1871

Photopost Php Pro - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/43808

View Code ZIP pw:eip

References (6)

[Mailing List] http://marc.info/?l=bugtraq&m=108057790723123&w=2

[Exploit, Patch, Vendor Advisory] http://secunia.com/advisories/11241

[Vendor Advisory] http://securitytracker.com/id?1009571

[Various Sources] http://www.gulftech.org/03282004.php

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/9994

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15643

Scores

EPSS 0.1212

EPSS Percentile 93.8%

Details

Status published

Products (7)

photopost/photopost_php_pro 3.1

photopost/photopost_php_pro 3.2

photopost/photopost_php_pro 3.3

photopost/photopost_php_pro 4.0

photopost/photopost_php_pro 4.1

photopost/photopost_php_pro 4.6

photopost/photopost_php_pro 4.8.1

Published Mar 29, 2004

Tracked Since Feb 18, 2026