I-Gallery Multiple Input Validation Vulnerabilities

I-Gallery Multiple Input Validation Vulnerabilities

To exploit the HTML-injection issue, an attacker can use a web client. To exploit the cross-site scripting issues, the attacker must entice an unsuspected victim into following a malicious URI.

These proof-of-concept URIs are available:

http://target/path/igallery.asp?n=[XSS]
http://target/path/igallery.asp&d=[XSS]