Instant Photo Gallery <= Multiple XSS

2006.05.01
Credit: qex
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

: Discovered by: Qex : Date: 25 April 2006 : : /member.php?action=viewpro&member=[XSS] Can you confirm this? Doing a quick grep of the 1.0.2 source code finds no occurace of "viewpro" at all. The line above also happens to be exactly the same as your DevBB disclosure, suggesting this may be a bad cut/paste? Additionally, in the subsequent posting you refer to additional scripts being affected: /portfolio.php?cat_id=[XSS] /portfolio_photo_popup.php?id=[XSS] Secunia apparently wasn't able to validate all of the XSS but instead found one SQL injection issue: http://secunia.com/advisories/19813/ Can you confirm or clarify any of the above?


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top