My Image Gallery 1.4.1 index.php Multiple Parameter XSS

ID SSV:79799
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


My Image Gallery is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input.

An attacker can exploit these vulnerabilities to inject html and script code into the Web browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials. Other attacks are also possible.[path]/index.php?currDir=./<script>alert(document.cookie)</script><script>alert(document.cookie)</script>