CVE-2006-6088

BlueCollar i-Gallery 3.4 - Cross-Site Scripting via n or d Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6088. PoCs published by Aria-Security Team.

AI-analyzed exploit summary The provided text describes multiple input validation vulnerabilities in i-gallery, including XSS and HTML injection, due to insufficient sanitization of user-supplied data. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Aria-Security Team · textwebappsasp
https://www.exploit-db.com/exploits/29048

The provided text describes multiple input validation vulnerabilities in i-gallery, including XSS and HTML injection, due to insufficient sanitization of user-supplied data. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: i-gallery 3.4 and prior versions
No auth needed
Prerequisites: Access to the vulnerable i-gallery application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451854/100/100/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1912
Exploit, Vendor Advisory x_refsource_misc
http://aria-security.net/advisory/i-Gallery34.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30341
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22952
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21122
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4584

Scores

EPSS 0.0181
EPSS Percentile 75.9%

Details

Status published
Products (1)
blue-collar_productions/i-gallery 3.4
Published Nov 24, 2006
Tracked Since Feb 18, 2026