This page lists publicly disclosed CVE vulnerabilities affecting imagevue imagevue (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-1273 | Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 4.3 | 1.48% | 2008-03-10 | 2026-06-16 |
| CVE-2006-0703 | Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter. | [email protected] | 4.3 | 4.40% | 2006-02-15 | 2026-06-16 |
| CVE-2006-0702 | admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal. | [email protected] | 5.0 | 7.10% | 2006-02-15 | 2026-06-16 |
| CVE-2006-0701 | readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters. | [email protected] | 5.0 | 7.68% | 2006-02-15 | 2026-06-16 |
| CVE-2006-0700 | imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions. | [email protected] | 5.0 | 6.53% | 2006-02-15 | 2026-06-16 |