HIO-2008-0610 PHP Image Gallery XSS

PHP Image Gallery contains a flaw that allows remote cross-site scripting.  
This flaw exists because the application does not validate the "action" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
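
A sketch of the mitigation for this class of flaw, added here as an example and not taken from PHP Image Gallery's source: the "action" parameter is checked against an allow-list and HTML-encoded on output. The action names, the helper functions `resolve_action()` and `h()`, and the hidden-field markup are assumptions made for illustration.

```php
<?php
// Added illustration; not PHP Image Gallery source code.
// Assumption: index.php dispatches on $_GET['action'] and reflects it into HTML.

// Hypothetical set of actions the script is willing to handle.
const ALLOWED_ACTIONS = ['view', 'upload', 'search'];

/**
 * Validate the request parameter against an allow-list.
 * Returns a known-good action name, never the raw input.
 */
function resolve_action($raw): string
{
    // Arrays (?action[]=x) and missing values fall back to the default.
    if (!is_string($raw)) {
        return 'view';
    }
    return in_array($raw, ALLOWED_ACTIONS, true) ? $raw : 'view';
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern, shown for contrast and left commented out:
//   echo '<input type="hidden" name="action" value="' . $_GET['action'] . '">';

$action = resolve_action($_GET['action'] ?? null);

// Defence in depth: limit script sources in case an encoding step is missed.
// Assumption: the application does not depend on inline or third-party scripts.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
header('Content-Type: text/html; charset=UTF-8');

// Encode on output even though $action is already allow-listed.
echo '<input type="hidden" name="action" value="' . h($action) . '">' . "\n";
```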

References:

BID: 29643  

CVE-2008-2675  

OSVDB: 46050

SA: 30573

Vendor Solution:

 

 