Bug: Phpwebgallery-1.4.1, Multiple Cross Site Scripting ( Ascii Version )

Search:
WLB2

Phpwebgallery-1.4.1, Multiple Cross Site Scripting

Published
Credit
Risk
2007.02.28
Simon Bonnard
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2007-1109
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

Phpwebgallery-1.4.1 - Multiple Cross Site Scripting
Vendor : http://www.phpwebgallery.net/
Risk : Low
----------------------------------------------------------------

Register.php
-> login and mail_address fields are vulnerables to XSS attacks

Search.php
-> search_author,mode, start_year, end_year, date_type, are
vulnerables too.

----------------------------------------------------------------

Solutions : www.php.net/htmlentities

Regards,

Simon Bonnard
simon.itsecurity - at - gmail - dot - com

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version