Description
Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jose Luis Gongora Fernandez · textwebappsphp
https://www.exploit-db.com/exploits/30806
References (9)
Core 9
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27809
Exploit x_refsource_misc
http://www.packetstormsecurity.org/0711-exploits/phpslideshow-xss.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/484192/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38638
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/484289/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26575
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490968/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26576
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3992
Scores
EPSS
0.0796
EPSS Percentile
92.1%
Details
CWE
CWE-79
Status
published
Products (1)
phpslideshow/phpslideshow
0.9.9.2
Published
Nov 27, 2007
Tracked Since
Feb 18, 2026