Unrated severityNVD Advisory· Published Jun 15, 2006· Updated Apr 16, 2026

CVE-2006-3036

Description

Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php, and the (2) w, (3) h, and (4) t parameters in (b) popup.php.

Affected products

Andy Mack/35mmslidegallery
cpe:2.3:a:andy_mack:35mmslidegallery:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/18414nvdExploit
secunia.com/advisories/20652nvdVendor Advisory
securityreason.com/securityalert/1100nvd
www.osvdb.org/26507nvd
www.osvdb.org/26508nvd
www.securityfocus.com/archive/1/436959/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/27127nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000