MEDIUM🇬🇧 English

CVE-2008-3786

CVSS 4.3v2.0pub. 2008-08-26upd. 2026-04-23

Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.

oryginał EN
CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Picturespro Photo Cart

    APP
    Picturespro
    3.9
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2006-6093HIGH7.5ten sam produkt

Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remot...

CVE-2008-3788MEDIUM6.8ten sam produkt

Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow...

CVE-2008-1536MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows...

CVE-2018-5190CRITICAL9.8ten sam vendor

PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary custom...

CVE-2008-3786 — MEDIUM 4.3 | CVEbaza.pl