[Alert URL]
http://www.securitytracker.com/alerts/2002/Nov/1005681.html

[Date]
November 27, 2002

[Title]
Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software

[Vendor]
BizDesign

[Product]
ImageFolio

[URL]
http://www.imagefolio.com/

[Description]
An input validation vulnerability exists in ImageFolio version 3.0.1 and prior versions. A remote user can conduct cross-site scripting attacks.

The flaw exists in various parameters of the 'nph-build.cgi' admin script and the 'imageFolio.cgi' script (and possibly others).

A demonstration exploit is provided:

/cgi-bin/imageFolio.cgi?direct=<script>alert("SecurityHole")</script>

/cgi-bin/if/admin/nph-build.cgi?step=<script>alert("SecurityHole")</script>

This vulnerability can be exploited to steal a user's or administrator's authentication cookies.

[Vendor Notification]
Jun 9, 2002 - BizDesign (the vendor) was notified and responded that the pending version 3.0 will contain a fix.
Aug 23, 2002 - Version 3.0 was released without a fix.
Sep 16, 2002 - Version 3.0.1 was released without a fix.
Nov 13, 2002 - Vendor was reminded and responded that the bug will be fixed in version 3.1, to be released in the beginning of the week of November 18.
Nov 27, 2002 - At the time of this report, the fixed version had not been posted to the vendor's web site.

[CVE]
CAN-2002-1334

[Credit]
This flaw was discovered by SecurityTracker.com (http://securitytracker.com/) after investigating a June 9, 2002 post by ET from LoWNOISE to the vuln-dev list:

http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0939.html

For more information, contact SecurityTracker at info@securitytracker.com
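
[Added example]
While no fixed version is available, requests that carry markup to the two scripts named above can be found in web server access logs. The following is an added example, not part of the original advisory or the vendor's code; it goes beyond the two parameters shown by checking every query parameter of those scripts and by undoing repeated percent-encoding. The log format (Apache-style request field), the markup heuristic, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts named in the advisory (it notes that others may be affected too).
SCRIPTS = ("imagefolio.cgi", "nph-build.cgi")
# Assumed heuristic: an HTML tag opener or a javascript: URI in a parameter value.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|javascript:", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Nov/2002:10:00:01 +0000] "GET /cgi-bin/imageFolio.cgi?direct=Nature HTTP/1.0" 200 5120',
    '192.0.2.44 - - [27/Nov/2002:10:02:13 +0000] "GET /cgi-bin/imageFolio.cgi'
    '?direct=%3Cscript%3Ealert(%22SecurityHole%22)%3C/script%3E HTTP/1.0" 200 4312',
    '192.0.2.44 - - [27/Nov/2002:10:02:40 +0000] "GET /cgi-bin/if/admin/nph-build.cgi'
    '?step=%253Cscript%253Ealert(%2522SecurityHole%2522)%253C/script%253E HTTP/1.0" 200 2210',
    '192.0.2.77 - - [27/Nov/2002:10:05:02 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.0" 200 100',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return (script, parameter, decoded value) for markup sent to the named scripts."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]
    if script.lower() not in SCRIPTS:
        return []  # out of scope for this advisory
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if MARKUP.search(decoded):
            hits.append((script, name, decoded))
    return hits

def scan(lines):
    return [hit for line in lines for hit in suspicious_params(line)]

if __name__ == "__main__":
    for script, name, value in scan(SAMPLE_LOG):
        print(f"{script}: parameter {name!r} carried markup: {value}")
```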