Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| qdig | qdig | 1.2.9 |
| qdig | qdig | 1.2.5 |
| qdig | qdig | 1.2.6 |
| qdig | qdig | 1.2.2 |
| qdig | qdig | 1.2.1 |
| qdig | qdig | 1.2.9.2 |
| qdig | qdig | 1.1.3 |
| qdig | qdig | 1.2.3 |
| qdig | qdig | 1.2.9.1 |
| qdig | qdig | 1.2.7 |
| qdig | qdig | 1.2.8 |
| qdig | qdig | 1.2.0 |
| qdig | qdig | 1.2.4 |