source: https://www.securityfocus.com/bid/28163/info

Gallarific is prone to a cross-site scripting vulnerability and multiple authentication-bypass vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, add new categories, add new users, and modify existing users. Other attacks are also possible.

These issues affect both the commercial and the free versions of Gallarific.

http://www.example.com/gallery/search.php?dosearch=true&query="><script>alert(document.cookie)</script>
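
A log check for the request pattern shown above, as an added example that is not part of the original advisory: it scans web access logs for search.php requests whose query parameter decodes to HTML markup. The log lines are constructed samples, and the combined log format and the function name are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (combined log format assumed); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2008:10:00:01 +0000] "GET /gallery/search.php?dosearch=true&query=sunset HTTP/1.1" 200 5120',
    '192.0.2.12 - - [10/Mar/2008:10:01:30 +0000] "GET /gallery/search.php?dosearch=true&query=%22sunset+beach%22 HTTP/1.1" 200 5188',
    '192.0.2.44 - - [10/Mar/2008:10:02:17 +0000] "GET /gallery/search.php?dosearch=true&query=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5300',
    '192.0.2.11 - - [10/Mar/2008:10:05:02 +0000] "GET /gallery/index.php?query=%3Cb%3E HTTP/1.1" 200 812',
]

# Request line inside the quoted field of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# An opening or closing tag, or a quote followed by '>' (attribute breakout).
# A plain quoted phrase such as "sunset beach" does not match.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|["\']\s*>', re.IGNORECASE)


def suspicious_search_requests(lines, script="search.php", param="query"):
    """Return (client, escaped_value) for requests to `script` whose
    `param` value contains HTML markup after URL decoding."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/" + script):
            continue  # only the script named in the advisory
        # parse_qs percent-decodes values and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if MARKUP_RE.search(value):
                # Escape before reporting so the finding is safe to show
                # in an HTML dashboard or ticket.
                hits.append((line.split()[0], html.escape(value, quote=True)))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_search_requests(SAMPLE_LOG):
        print(f"{client} sent markup in search query: {value}")
```

The same `html.escape(..., quote=True)` style of output encoding, applied by the application wherever it echoes the search term, is what keeps such a value from being interpreted as markup.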