Archive for February 25th, 2013

MTP Scripts Multiple Products Multiple Stored XSS Vulnerabilities

MTP Scripts offers three products: MTP Image Gallery, MTP Guestbook and MTP Poll. All of the products suffer from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

MTP Image Gallery 1.0 (title) Remote Script Insertion Vulnerability
MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities
MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities