QwikSec

Security Database

CVE

CWE

Training

CVE-2007-6135

Published: Nov 27, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

http://www.packetstormsecurity.org/0711-exploits/phpslideshow-xss.txt

x_refsource_MISC

20071126 PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability

mailing-list

x_refsource_BUGTRAQ

phpslideshow-directory-xss(38638)

vdb-entry

x_refsource_XF

20071127 PHPSlideShow XSS Update

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

20080416 Re: PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.