Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.
CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:NPicturespro Photo Cart
APPPicturespro3.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References
Related vulnerabilities
CVE-2006-6093HIGH7.5ten sam produkt
Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remot...
CVE-2008-3788MEDIUM6.8ten sam produkt
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow...
CVE-2008-1536MEDIUM4.3ten sam produkt
Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows...
CVE-2018-5190CRITICAL9.8ten sam vendor
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary custom...