Description
Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by ThE g0bL!N · textwebappsphp
https://www.exploit-db.com/exploits/9636
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/57945
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/57944
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36680
Scores
EPSS
0.0033
EPSS Percentile
55.6%
Details
CWE
CWE-79
Status
published
Products (1)
plohni/an_image_gallery
1.0
Published
Sep 24, 2009
Tracked Since
Feb 18, 2026