[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Phpwebgallery-1.4.1, Multiple Cross Site Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Phpwebgallery-1.4.1, Multiple Cross Site Scripting
From: simon.itsecurity@xxxxxxxxx
Date: 24 Feb 2007 19:19:25 -0000

Phpwebgallery-1.4.1 - Multiple Cross Site Scripting
Vendor : http://www.phpwebgallery.net/
Risk   : Low
----------------------------------------------------------------

Register.php
-> login and mail_address fields are vulnerables to XSS attacks

Search.php
-> search_author,mode, start_year, end_year, date_type, are 
vulnerables too.

----------------------------------------------------------------

Solutions : www.php.net/htmlentities


Regards,

Simon Bonnard
simon.itsecurity - at - gmail - dot - com

Prev by Date: Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit
Next by Date: [ GLSA 200702-09 ] Nexuiz: Multiple vulnerabilities
Previous by thread: Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit
Next by thread: [ GLSA 200702-09 ] Nexuiz: Multiple vulnerabilities
Index(es):
- Date
- Thread