Unrated severityNVD Advisory· Published May 16, 2006· Updated Apr 16, 2026

CVE-2006-2397

Description

Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.

Affected products

Gphotos/Gphotos2 versions
cpe:2.3:a:gphotos:gphotos:1.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gphotos:gphotos:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gphotos:gphotos:1.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/17967nvdExploit
secunia.com/advisories/20095nvdVendor Advisory
securityreason.com/securityalert/906nvd
www.osvdb.org/25497nvd
www.osvdb.org/25498nvd
www.osvdb.org/25499nvd
www.securityfocus.com/archive/1/433936/100/0/threadednvd
www.vupen.com/english/advisories/2006/1806nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26426nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000