|Category:||Web application abuses|
|Title:||Goollery Multiple XSS|
|Summary:||Checks for the presence of Goollery XSS flaw in viewpic.php|
Goollery, a GMail based photo gallery written in PHP,
is installed on this remote host.
According to it's version number, this host is vulnerable to multiple
cross-site-scripting (XSS) attacks
eg, through the 'viewpic.php'
script. An attacker, exploiting these flaws, would need to be able to
coerce a user to browse a malicious URI. Upon successful exploitation,
the attacker would be able to run code within the web-browser in the
security context of the remote server.
Solution : Upgrade to Goollery 0.04b or newer.
BugTraq ID: 11587|
Common Vulnerability Exposure (CVE) ID: CVE-2004-2245
XForce ISS Database: goollery-viewalbum-viewpic-xss(17957)
|Copyright||This script is Copyright (C) 2004 David Maciejak|
|This is only one of 38907 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.