Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346.
References 7 Total
- exploit-db.com: 1595 exploit
- osvdb.org: 24018 vdb-entry
- secunia.com: 19322 third-party-advisory
- vupen.com: ADV-2006-1015 vdb-entry
- exchange.xforce.ibmcloud.com: gcards-incsetlang-xss(25343) vdb-entry
- securityfocus.com: 17165 vdb-entry
- attrition.org: 20060414 Provable vendor ACK for gcards issues mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- exploit-db.com: 1595 exploitx_transferred
- osvdb.org: 24018 vdb-entryx_transferred
- secunia.com: 19322 third-party-advisoryx_transferred
- vupen.com: ADV-2006-1015 vdb-entryx_transferred
- exchange.xforce.ibmcloud.com: gcards-incsetlang-xss(25343) vdb-entryx_transferred
- securityfocus.com: 17165 vdb-entryx_transferred
- attrition.org: 20060414 Provable vendor ACK for gcards issues mailing-listx_transferred