CVE-2011-4806
Phpalbum < 0.4.1.16 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by BHG Security Center · textwebappsphp
https://www.exploit-db.com/exploits/18045
References (1)
Scores
EPSS
0.0043
EPSS Percentile
62.5%
Classification
CWE
CWE-79
Status
published
Affected Products (19)
phpalbum/phpalbum
< 0.4.1.16
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
phpalbum/phpalbum
... and 4 more
Timeline
Published
Dec 14, 2011
Tracked Since
Feb 18, 2026