Gallery 1.2/1.3.x - Search Engine Cross-Site Scripting

EDB-ID:

22961




Platform:

PHP

Date:

2003-07-27


source: https://www.securityfocus.com/bid/8288/info

Gallery is prone to a cross-site scripting vulnerability. This issue is present in the search engine facility provided by the software. An attacker could exploit this issue by constructing a malicious link to the search engine that contains hostile HTML and script code. Attacker-supplied code could be rendered in the browser of a user who follows such a link.

http://www.example.com/<galleryfolder>/search.php?searchstring=<script>alert('XSS')</script>