CVE-2006-6517

KDPics <1.16 - XSS

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3.

Exploits (3)

exploitdb WORKING POC VERIFIED
by AsTrex · textwebappsphp
https://www.exploit-db.com/exploits/3263
exploitdb WRITEUP VERIFIED
by Mr_KaLiMaN · textwebappsphp
https://www.exploit-db.com/exploits/29254
exploitdb WRITEUP VERIFIED
by Mr_KaLiMaN · textwebappsphp
https://www.exploit-db.com/exploits/29255

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/453962/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23313
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21515
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4930

Scores

EPSS 0.0049
EPSS Percentile 65.6%

Details

Status published
Products (1)
kdpics/kdpics < 1.16
Published Dec 14, 2006
Tracked Since Feb 18, 2026