CVE-2005-0928

Photopost Php Pro - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.

Exploits (3)

exploitdb WRITEUP VERIFIED

by Diabolic Crab · textwebappsphp

https://www.exploit-db.com/exploits/25310

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Diabolic Crab · textwebappsphp

https://www.exploit-db.com/exploits/25309

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Diabolic Crab · textwebappsphp

https://www.exploit-db.com/exploits/25308

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/15098

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/14742

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111205342909640&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/15097

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/15096

Exploit vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1013581

Scores

EPSS 0.0372

EPSS Percentile 88.0%

Details

Status published

Products (1)

photopost/photopost_php_pro 5.02

Published May 02, 2005

Tracked Since Feb 18, 2026