BugTraq
Back to list
|
Post reply
Phpwebgallery-1.4.1, Multiple Cross Site Scripting
Feb 24 2007 07:19PM
simon itsecurity gmail com
Phpwebgallery-1.4.1 - Multiple Cross Site Scripting
Vendor : http://www.phpwebgallery.net/
Risk : Low
----------------------------------------------------------------
Register.php
-> login and mail_address fields are vulnerables to XSS attacks
Search.php
-> search_author,mode, start_year, end_year, date_type, are
vulnerables too.
----------------------------------------------------------------
Solutions : www.php.net/htmlentities
Regards,
Simon Bonnard
simon.itsecurity - at - gmail - dot - com
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Vendor : http://www.phpwebgallery.net/
Risk : Low
----------------------------------------------------------------
Register.php
-> login and mail_address fields are vulnerables to XSS attacks
Search.php
-> search_author,mode, start_year, end_year, date_type, are
vulnerables too.
----------------------------------------------------------------
Solutions : www.php.net/htmlentities
Regards,
Simon Bonnard
simon.itsecurity - at - gmail - dot - com
[ reply ]