Test ID:	1.3.6.1.4.1.25623.1.0.800115
Category:	Web application abuses
Title:	Multiple XSS Vulnerabilities in PHPWebGallery (Oct 2008)
Summary:	PHPWebGallery is prone to multiple XSS and script inclusion Vulnerabilities.
Description:	Summary: PHPWebGallery is prone to multiple XSS and script inclusion Vulnerabilities. Vulnerability Insight: The flaws are due to improper validation of input data to parameters in isadmin.inc.php and init.inc.php file, which allow remote attackers to inject arbitrary web script via lang[access_forbiden], lang[ident_title], user[language] and user[template] parameters. Vulnerability Impact: Successful attack could lead to execution of arbitrary HTML or scripting code in the security context of an affected web page. Affected Software/OS: PHPWebGallery Version 1.3.4 and prior on all running platform. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4591 https://www.exploit-db.com/exploits/6425 http://securityreason.com/securityalert/4419 XForce ISS Database: phpwebgallery-isadmininc-xss(45061) https://exchange.xforce.ibmcloud.com/vulnerabilities/45061 Common Vulnerability Exposure (CVE) ID: CVE-2008-4702 XForce ISS Database: phpwebgallery-isadmin-file-include(45060) https://exchange.xforce.ibmcloud.com/vulnerabilities/45060
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.