CVE-2011-4806

phpAlbum < 0.4.1.16 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by BHG Security Center · text · webapps · php
https://www.exploit-db.com/exploits/18045

References (1)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18045

Scores

EPSS 0.0042
EPSS Percentile 61.8%

Details

CWE CWE-79
Status published
Products (11)
phpalbum/phpalbum 0.2.1
phpalbum/phpalbum 0.2.2
phpalbum/phpalbum 0.2.3
phpalbum/phpalbum 0.2.4
phpalbum/phpalbum 0.3.0
phpalbum/phpalbum 0.3.1 (3 CPE variants)
phpalbum/phpalbum 0.3.2
phpalbum/phpalbum 0.4.1-14 (6 CPE variants)
phpalbum/phpalbum 0.4.1.14
phpalbum/phpalbum 0.4.1.15
... and 1 more
Published Dec 14, 2011
Tracked Since Feb 18, 2026