Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 rep parameter to a index.php or b diapo.php or 2 image parameter to c affich.php. NOTE: item 1a might be resultant from directory traversal...