CVE-2008-3511

Published: Aug 7, 2008Modified: Apr 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected (1)

Products: Softbizscripts: Image Gallery Script

1 product

Image Gallery Script

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Softbizscripts Image Gallery Script	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://www.securityfocus.com/bid/30546

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/bid/30546/exploit

Source: cve@mitre.org

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/44433

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/30546

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/bid/30546/exploit

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/44433

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.