Description
Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/24719
References (7)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17957
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/11318
Exploit x_refsource_misc
http://www.osvdb.org/ref/11/11xxx-goollery_multiple.txt
Exploit, Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/11319
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11587
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1012062
Exploit, Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/11320
Scores
EPSS
0.0125
EPSS Percentile
79.5%
Details
Status
published
Products (1)
goollery/goollery
0.3
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026