Description
Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
Exploits (1)
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18022
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2882
Exploit x_refsource_misc
http://pridels0.blogspot.com/2005/12/snipe-gallery-sqlxss-vuln.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15844
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21695
Exploit third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/716
Scores
EPSS
0.0095
EPSS Percentile
76.5%
Details
CWE
CWE-79
Status
published
Products (1)
snipegallery/snipe_gallery
< 3.1.4
Published
Dec 14, 2005
Tracked Since
Feb 18, 2026