Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17904
HistoryAug 28, 2007 - 12:00 a.m.

Abledesign Dynamic Picture Frame XSS

2007-08-2800:00:00
vulners.com
27

Vendor Site: http://abledesign.com/
Version affected: ???
Demo: http://abledesign.com/demo/pframe.php
Class: Input Validation Error

Overview: Dynamic Picture Frame is a PHP script which allows you to add a variety of picture frames of any size to images on your website. Dynamic Picture Frame fails to sufficiently sanitize user-supplied input data in "Image URL" text box by pressing the "submit" button.

Example:
1.<html><font color="Red"><b>XSS</b></font></html>

Discovered by: Joshua Morin ([email protected])