wg7.php in Webgalamb 7.0 escapes output with scattered, ad hoc calls to htmlspecialchars() rather than a templating engine that applies encoding appropriate to each output context (HTML body, attribute, JavaScript). Because arbitrary strings can be written to the database, attacker-controlled data reaches the administrative pages without adequate encoding and any embedded JavaScript executes in the administrator's browser: a stored XSS. The practical lesson is that htmlspecialchars() is a correct encoder only for HTML body text and quoted attributes (and only with ENT_QUOTES on PHP versions before 8.1, where the default flags leave single quotes untouched); every other sink needs its own encoder, and every sink needs one.
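The following is an added example, not code from Webgalamb or the advisory, written to show the failure mode the description names: a forgotten escape, an escape with the wrong flags for its context, and the contextual encoders a template engine would apply. The stored value is constructed for the demonstration, the function names are hypothetical, and the script assumes PHP 8.0 or later (for str_contains()).

```php
<?php
declare(strict_types=1);

// Added example, not Webgalamb code. Shows why scattered htmlspecialchars()
// calls are not a substitute for encoding chosen per output context, using
// a constructed attacker string as it might be read back from the database.

// Constructed stored value; it targets a single-quoted HTML attribute.
const STORED = "x' onfocus='alert(1)' autofocus='";

// (1) Forgotten call: the raw value lands in the admin page and executes.
function renderUnescaped(string $v): string
{
    return "<input value='" . $v . "'>";
}

// (2) "Opportunistic" call with the flags PHP < 8.1 used by default
// (ENT_COMPAT): double quotes are encoded, single quotes are not, so the
// payload still breaks out of the single-quoted attribute.
function renderWrongContext(string $v): string
{
    return "<input value='" . htmlspecialchars($v, ENT_COMPAT) . "'>";
}

// (3) Contextual encoders: one per sink, each with explicit flags and
// charset, the way a templating engine with autoescape applies them.
function escHtml(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function escAttr(string $v): string
{
    // Same encoder, but this helper also supplies the quotes, so a caller
    // cannot emit an unquoted attribute by mistake.
    return '"' . escHtml($v) . '"';
}

function escJs(string $v): string
{
    // JSON encoding with the hex flags keeps <, >, &, ' and " out of the
    // script body, so neither the string literal nor the <script> element
    // can be closed from inside the data.
    return json_encode(
        $v,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

function renderSafe(string $v): string
{
    return '<input value=' . escAttr($v) . '>' . "\n"
         . '<script>var name = ' . escJs($v) . ';</script>';
}

// A check a reviewer can run over each rendering: does the attacker's
// event-handler attribute survive into the markup unchanged?
foreach ([
    'unescaped'  => renderUnescaped(STORED),
    'wrong flags' => renderWrongContext(STORED),
    'contextual' => renderSafe(STORED),
] as $label => $html) {
    $verdict = str_contains($html, " onfocus='alert(1)'") ? 'INJECTED' : 'ok';
    printf("%-11s %-8s %s\n", $label, $verdict, $html);
}
```

Run with `php example.php`: the first two renderings report INJECTED because the single quote that closes the attribute passes through untouched, while the contextual version encodes it as `&apos;` in the attribute and as `\u0027` inside the script. The design point is that the encoder is chosen by the sink, not by whoever happened to remember to call htmlspecialchars(), which is exactly what an autoescaping template layer enforces.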
Vulnerable product: ens webgalamb 7.0