製品・ソフトウェアに関する情報

JVN脆弱性詳細

PHPSlideShow の phpslideshow.php におけるクロスサイトスクリプティングの脆弱性

Title	PHPSlideShow の phpslideshow.php におけるクロスサイトスクリプティングの脆弱性
Summary	PHPSlideShow の phpslideshow.php には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、directory パラメータを介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Nov. 27, 2007, midnight
Registration Date	Dec. 20, 2012, 6:33 p.m.
Last Update	Dec. 20, 2012, 6:33 p.m.

Affected System

phpslideshow

phpslideshow 0.9.9.2 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-6135	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6135
National Vulnerability Database (NVD)
2	CVE-2007-6135	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6135

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
phpslideshow
1	PHPSlideShow	http://www.zinkwazi.com/scripts/

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-6135

Summary	Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.
Summary	Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en phpslideshow.php de PHPSlideShow 0.9.9.2, y posiblemente anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro directory. NOTA: este problema fue originalmente reportado para toonchapter8.php, pero probablemente este es un nombre específico de un sitio, puesto que la distribución PHPSlideShow no contiene ese archivo.
Publication Date	Nov. 28, 2007, 4:46 a.m.
Registration Date	Jan. 29, 2021, 2:24 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:phpslideshow:phpslideshow:0.9.9.2:::::::*

Related information, measures and tools

No	URL	refsource
1	http://secunia.com/advisories/27809	cve@mitre.org
2	http://www.packetstormsecurity.org/0711-exploits/phpslideshow-xss.txt	cve@mitre.org
3	http://www.securityfocus.com/archive/1/484192/100/0/threaded	cve@mitre.org
4	http://www.securityfocus.com/archive/1/484289/100/0/threaded	cve@mitre.org
5	http://www.securityfocus.com/archive/1/490968/100/0/threaded	cve@mitre.org
6	http://www.securityfocus.com/bid/26575	cve@mitre.org
7	http://www.securityfocus.com/bid/26576	cve@mitre.org
8	http://www.vupen.com/english/advisories/2007/3992	cve@mitre.org
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/38638	cve@mitre.org
10	http://secunia.com/advisories/27809	af854a3a-2127-422b-91ae-364da2661108
11	http://www.packetstormsecurity.org/0711-exploits/phpslideshow-xss.txt	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securityfocus.com/archive/1/484192/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securityfocus.com/archive/1/484289/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/archive/1/490968/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securityfocus.com/bid/26575	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/bid/26576	af854a3a-2127-422b-91ae-364da2661108
17	http://www.vupen.com/english/advisories/2007/3992	af854a3a-2127-422b-91ae-364da2661108
18	https://exchange.xforce.ibmcloud.com/vulnerabilities/38638	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html