| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Phpwebgallery-1.4.1, Multiple Cross Site Scripting |
| From: | simon.itsecurity@gmail.com |
| Date: | 24 Feb 2007 19:19:25 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
Phpwebgallery-1.4.1 - Multiple Cross Site Scripting Vendor : http://www.phpwebgallery.net/ Risk : Low ---------------------------------------------------------------- Register.php -> login and mail_address fields are vulnerables to XSS attacks Search.php -> search_author,mode, start_year, end_year, date_type, are vulnerables too. ---------------------------------------------------------------- Solutions : www.php.net/htmlentities Regards, Simon Bonnard simon.itsecurity - at - gmail - dot - com |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit, s0cratex |
|---|---|
| Next by Date: | [ GLSA 200702-09 ] Nexuiz: Multiple vulnerabilities, Raphael Marichez |
| Previous by Thread: | Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit, s0cratex |
| Next by Thread: | [ GLSA 200702-09 ] Nexuiz: Multiple vulnerabilities, Raphael Marichez |
| Indexes: | [Date] [Thread] [Top] [All Lists] |