Description
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by by_casper41 · textwebappsasp
https://www.exploit-db.com/exploits/32185
exploitdb
WORKING POC
VERIFIED
by by_casper41 · textwebappsasp
https://www.exploit-db.com/exploits/32184
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31369
Third Party Advisory, VDB Entry x_refsource_misc
http://downloads.securityfocus.com/vulnerabilities/exploits/30567.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30567
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44271
Scores
EPSS
0.0070
EPSS Percentile
72.1%
Details
CWE
CWE-79
Status
published
Products (1)
kaphotoservice/kaphotoservice
Published
Aug 08, 2008
Tracked Since
Feb 18, 2026