Gallery 1.2/1.3.x Search Engine Cross-Site Scripting Vulnerability

2003-07-27T00:00:00
ID EDB-ID:22961
Type exploitdb
Reporter Larry Nguyen
Modified 2003-07-27T00:00:00

Description

Gallery 1.2/1.3.x Search Engine Cross-Site Scripting Vulnerability. CVE-2003-0614. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/8288/info

Gallery is prone to a cross-site scripting vulnerability. This issue is present in the search engine facility provided by the software. An attacker could exploit this issue by constructing a malicious link to the search engine that contains hostile HTML and script code. Attacker-supplied code could be rendered in the browser of a user who follows such a link.

http://www.example.com/<galleryfolder>/search.php?searchstring=<script>alert('XSS')</script>