• info
• discussion
• exploit
• solution
• references

Ws-Album CVE-2006-3020 Cross-Site Scripting Vulnerability

Ws-Album is prone to a cross-site scripting vulnerability. Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) image and (2) PublisedDate parameters.