Abledesign Dynamic Picture Frame XSS
- From: morin.josh@xxxxxxxxx
- Date: 26 Aug 2007 20:45:09 -0000
Vendor Site: http://abledesign.com/
Version affected: ???
Demo: http://abledesign.com/demo/pframe.php
Class: Input Validation Error
Overview: Dynamic Picture Frame is a PHP script which allows you to add a variety of picture frames of any size to images on your website. Dynamic Picture Frame fails to sufficiently sanitize user-supplied input data in "Image URL" text box by pressing the "submit" button.
Example:
1.<html><font color="Red"><b>XSS</b></font></html>
Discovered by: Joshua Morin (morin.josh@xxxxxxxxx)
- Prev by Date: InterWorx-CP Multiple HTML Injections Vulnerabilitie
- Next by Date: Moonware Software Multiple Vulnerabilities
- Previous by thread: InterWorx-CP Multiple HTML Injections Vulnerabilitie
- Next by thread: Moonware Software Multiple Vulnerabilities
- Index(es):
