+-----------------------------+
Advisory: Cross Site Scripting (CSS/XSS) in PHP Photo Album by John Beatty ver. 1.0
Author: nimber [nimber@mail.ru]
Date: [4.11.2003]
+-----------------------------+
Vendor: John Beatty
Version: 1.0 (and older versions?)
+-----------------------------+
Problem:
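The scripts are vulnerable to a Cross Site Scripting (XSS) attack: as the examples below show, HTML markup passed in the dir parameter of showimages.php or the image parameter of showfullimage.php is returned in the generated page.
A fix is to HTML-encode these parameters on output (for example with PHP's htmlspecialchars()) and to accept only values that match existing album directory and image names.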
Example#1:
http://[victim]/photos/showimages.php?dir=<iframe%20src="C:\"%20width=400%20height=400></iframe>
Example#2:
http://[victim]//photos/showfullimage.php?dir=[dir name][spc]St[spc]Clair&image=<h1>hello</h1>
+-----------------------------+
Feedback:
nimber
icq: 132614
e-mail: nimber@mail.ru and nimber@dezigner.ru
Home Page: nimber.plux.ru
+-----------------------------+
Greets: ZeT, euronymous, JLx and all my friends.
p.s> Sorry for my bad english ;)
+-----------------------------+
(0_o(0_o)0_o)
{"id": "SECURITYVULNS:DOC:5347", "bulletinFamily": "software", "title": "Advisories: CSS in PHP Photo Album by John Beatty ver. 1.0", "description": "+-----------------------------+\r\nAdvisories: CSS in PHP Photo Album by John Beatty ver. 1.0\r\nAuthor: nimber [nimber@mail.ru]\r\nDate: [4.11.2003]\r\n+-----------------------------+\r\nVendor: John Beatty\r\nVersion: 1.0 (and older versions?) \r\n+-----------------------------+\r\nProblem:\r\nThere is a danger of performance Cross Site Scripting (XSS) attack. \r\nExample#1:\r\nhttp://[victim]/photos/showimages.php?dir=<iframe%20src="C:\"%20width=400%20height=400></iframe>\r\nExample#2:\r\nhttp://[victim]//photos/showfullimage.php?dir=[dir name][spc]St[spc]Clair&image=<h1>hello</h1>\r\n+-----------------------------+\r\nFeedback:\r\nnimber\r\nicq: 132614\r\ne-mail: nimber@mail.ru and nimber@dezigner.ru\r\nHome Page: nimber.plux.ru\r\n+-----------------------------+\r\nGreets: ZeT, euronymous, JLx and all my friends.\r\np.s> Sorry for my bad english ;)\r\n+-----------------------------+\r\n(0_o(0_o)0_o)", "published": "2003-11-05T00:00:00", "modified": "2003-11-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5347", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:08", "edition": 1, "viewCount": 1497, "enchantments": {"score": {"value": 0.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:3222"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:3222"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "vulnersScore": 0.8}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645277882, "score": 1659803227, "affected_software_major_version": 1666695388}, "_internal": {"score_hash": 
"24c73eb38eb2c2d87989c03ce5c3fe10"}}