mcGallery 'lang' Parameter Multiple Cross Site Scripting Vulnerabilities

背景： PhpForums.net mcGallery是一款网站图片管理脚本工具。 类型： xss 影响： 可注入任意web脚本或HTML 分析： PhpForums.net mcGallery 1.1版本中存在多个跨站脚本攻击漏洞。远程攻击者可以借助对 1admin.php, 2index.php, 3sess.php, 4stats.php, 5detail.php, 6resize.php, 7show.php的lang参数，注入任意web脚本或HTML。...

mcGallery 1.1 - sess.php lang Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28587/info mcGallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to 1 admin.php, 2 index.php, 3 sess.php, 4 stats.php, 5 detail.php, 6 resize.php, and 7 show.php. NOTE: the provenance of this...

mcGallery 1.1 - sess.php?lang Cross-Site Scripting

mcGallery 1.1 - sess.php?lang Cross-Site Scripting source: https://www.securityfocus.com/bid/28587/info mcGallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary scri...