CVE-2006-3195

singapore < 0.10.0 - Cross-Site Scripting via Template Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3195. PoCs published by simo64.

AI-analyzed exploit summary The provided text describes directory traversal and XSS vulnerabilities in Singapore Gallery, but does not contain actual exploit code. It references a proof-of-concept XSS payload via a URL parameter.

Description

Cross-site scripting (XSS) vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the template parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by simo64 · textwebappsphp

https://www.exploit-db.com/exploits/28067

View Code ZIP pw:eip

The provided text describes directory traversal and XSS vulnerabilities in Singapore Gallery, but does not contain actual exploit code. It references a proof-of-concept XSS payload via a URL parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: Singapore Gallery (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18518

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1135

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/437716/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/27324

Scores

EPSS 0.0167

EPSS Percentile 73.8%

Details

Status published

Products (1)

singapore/singapore < 0.10.0

Published Jun 23, 2006

Tracked Since Feb 18, 2026