TUCoPS :: Web :: PHP :: c07-2463.htm

Phpwebgallery-1.4.1, Multiple Cross Site Scripting
Phpwebgallery-1.4.1, Multiple Cross Site Scripting
Phpwebgallery-1.4.1, Multiple Cross Site Scripting


Phpwebgallery-1.4.1 - Multiple Cross Site Scripting
Vendor : http://www.phpwebgallery.net/ 
Risk   : Low
----------------------------------------------------------------

Register.php
-> login and mail_address fields are vulnerables to XSS attacks

Search.php
-> search_author,mode, start_year, end_year, date_type, are 
vulnerables too.

----------------------------------------------------------------

Solutions : www.php.net/htmlentities 


Regards,

Simon Bonnard
simon.itsecurity - at - gmail - dot - com

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH