Description
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
Affected products
- 4Homepages / 4images1.7.7
- 4Homepages / 4images1.0 – 1.0
- 4Homepages / 4images1.0 – 1.0
- 4Homepages / 4images1.5 – 1.5
- 4Homepages / 4images1.6 – 1.6
- 4Homepages / 4images1.6.1 – 1.6.1
- 4Homepages / 4images1.7 – 1.7
- 4Homepages / 4images1.7.1 – 1.7.1
- 4Homepages / 4images1.7.2 – 1.7.2
- 4Homepages / 4images1.7.3 – 1.7.3
- 4Homepages / 4images1.7.4 – 1.7.4
- 4Homepages / 4images1.7.5 – 1.7.5
- 4Homepages / 4images1.7.6 – 1.7.6
References
- MISChttp://www.securityfocus.com/bid/35342
- MISChttp://osvdb.org/55092
- VENDOR_ADVISORYhttp://secunia.com/advisories/35427
- EXPLOIThttps://www.exploit-db.com/exploits/8936
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/51090
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/1582
- MISChttp://www.4homepages.de/forum/index.php?topic=15186.0