| Secunia Advisory: | SA30573 |
| Release Date: | 2008-06-10 |
| Critical: | Less critical |
| Impact: | Cross Site Scripting |
| Where: | From remote |
| Solution Status: | Unpatched |
| Software: | PHP Image Gallery 1.x |
Russ McRee has reported a vulnerability in PHP Image Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "action" parameter in index.php is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Solution:
Edit the source code to ensure that input is properly sanitised.
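One way to apply this fix, shown as an added example that is not PHP Image Gallery's own code: the "action" value is checked against an allow-list and every value written back into the page is HTML-encoded. The action names, the helper functions and the surrounding markup are assumptions, since the advisory does not show the affected code.

```php
<?php
// Added example: a hypothetical index.php fragment, not the project's code.
declare(strict_types=1);

// Actions the page is willing to dispatch (names are assumptions).
const ALLOWED_ACTIONS = ['view', 'upload', 'search'];

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return a known action, or the default for missing, non-string or unknown input. */
function resolve_action($raw, string $default = 'view'): string
{
    // ?action[]=x arrives as an array; anything but a string is invalid.
    if (!is_string($raw)) {
        return $default;
    }
    return in_array($raw, ALLOWED_ACTIONS, true) ? $raw : $default;
}

$raw    = $_GET['action'] ?? null;
$action = resolve_action($raw);

// The pattern the advisory describes is the parameter echoed unencoded:
//   echo '<input type="hidden" name="action" value="' . $_GET['action'] . '">';

// Declare the charset so the browser and htmlspecialchars() agree on encoding.
header('Content-Type: text/html; charset=UTF-8');

// Only the validated value drives the page, and it is still encoded on output.
echo '<form method="get" action="index.php">';
echo '<input type="hidden" name="action" value="' . h($action) . '">';
echo '</form>';

// If rejected input is shown back to the user, it must be encoded as well.
if (is_string($raw) && $raw !== $action) {
    echo '<p>Unknown action: ' . h($raw) . '</p>';
}
```

The allow-list limits what the application acts on; the encoding in h() is what stops the reflected value from being parsed as markup, so it is applied on every output path, including the error message.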
Provided and/or discovered by:
Russ McRee
Source: http://secunia.com/advisories/30573/
