XSS vulnerability

1 year 2 months ago #1

  • Jüri Raudmaa
  • Posts: 16
Hello!

There is an XSS vulnerability in BaGallery when 'enable alias' is enabled in the category options under lightbox. This alias gives a URL to the image when I click on it: www.mydomain.xx/?107 (number based on image ID, I guess). But an attacker can use it like this:
www.mydomain.xx/?107%22%3E%3Cimg%20src=X...(document.domain)%3E
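The report above describes an alias that should be a numeric image ID being reflected into the page. The following is an added example, not part of the original post and not BaGallery code: it shows one way to reject non-numeric aliases and escape the value on output. It assumes the alias is the whole query string; the function names, the `lightbox-alias` class and the sample inputs are hypothetical.

```javascript
'use strict';

// Strict allow-list: the alias must be 1-9 decimal digits and nothing else.
const IMAGE_ID = /^[0-9]{1,9}$/;

// Parse the raw query string (the part after '?') into an image ID, or null.
function parseImageAlias(rawQuery) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawQuery);
  } catch (e) {
    return null; // malformed percent-encoding is rejected, not repaired
  }
  return IMAGE_ID.test(decoded) ? Number(decoded) : null;
}

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build the lightbox link (hypothetical markup). A rejected alias yields no markup.
function renderLightboxLink(baseUrl, rawQuery) {
  const id = parseImageAlias(rawQuery);
  if (id === null) return '';
  const href = `${baseUrl}/?${id}`;
  // Escaping is still applied on output even though the ID was validated.
  return `<a class="lightbox-alias" href="${escapeHtml(href)}" data-image-id="${id}">image ${id}</a>`;
}

// Constructed sample inputs: a valid alias, an alias with appended markup,
// a broken percent-escape, and an empty query string.
const samples = ['107', '107%22%3E%3Cb%3E', '107%', ''];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(renderLightboxLink('https://www.mydomain.xx', s)));
}
```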

1 year 2 months ago #2

  • Viacheslav
  • Posts: 28858
Hello,

Thank you for letting us know.
We will take it into account.

Regards,
Vyacheslav, Balbooa.com