[2/5] Maian Gallery “keywords” Cross-Site Scripting Vulnerability

May 8th, 2008 by

[2/5] Maian Gallery “keywords” Cross-Site Scripting Vulnerability

:Khashayar Fereidani has reported a vulnerability in Maian Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks.Input passed to the "keywords" parameter in admin/index.php is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in an administrative user’s browser session in context of an affected site.The vulnerability is reported in version 2.0. Other versions may also be affected.Solution:Edit the source code to ensure that input is properly sanitised.Provided and/or discovered by:Khashayar Fereidani a.k.a. Dr.CrashOriginal Advisory:http://seclists.org/bugtraq/2008/May/0026.html

Original post by nitish

[2/5] Maian Gallery “keywords” Cross-Site Scripting Vulnerability

Related Articles:

[2/5] Maian Cart “keywords” Cross-Site Scripting

[2/5] Maian Weblog Multiple Cross-Site Scripting Vulnerabilities

[2/5] Maian Uploader Multiple Cross-Site Scripting Vulnerabilities

[3/5] Maian Greetings Cross-Site Scripting and SQL Injection Vulnerabilities

[3/5] Maian Search Cross-Site Scripting and SQL Injection Vulnerabilities

Posted in Advisories - Exploits | | [2/5] Maian Gallery “keywords” Cross-Site Scripting Vulnerability

<< [3/5] PostcardMentor “cat_fldAuto” SQL Injection Vulnerability | [3/5] fipsCMS “lg” SQL Injection Vulnerability >>

Cybertrion Systems

[2/5] Maian Gallery “keywords” Cross-Site Scripting Vulnerability

Categories

Archives:

Search:

Meta: