MEDIUM🇵🇱 Wersja polska

CVE-2008-3786

CVSS 4.3v2.0pub. 2008-08-26upd. 2026-04-23

Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Picturespro Photo Cart

    APP
    Picturespro
    3.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2006-6093HIGH7.5ten sam produkt

Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remot...

CVE-2008-3788MEDIUM6.8ten sam produkt

Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow...

CVE-2008-1536MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows...

CVE-2018-5190CRITICAL9.8ten sam vendor

PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary custom...