Bugtraq mailing list archives
XSS flaw in MG2 Image Gallery (v.0.5.1)
From: preben () watchcom no
Date: 30 Jan 2006 20:48:50 -0000
Users can inject XSS into the form field "Name", when adding a comment on a picture. This will lead to the execution of XSS code. Simple scripting like <script>alert('hello')</script> , and more advanced document.location, and document.cookie works. This has been tested on version 0.5.1. Other versions might be flawed too. Please credit to: Preben Nyløkken
Current thread:
- XSS flaw in MG2 Image Gallery (v.0.5.1) preben (Jan 30)