https://www.exploit-db.com/exploits/26153
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-172

MyImageGallery(Mig)1.4.1的index.php页面存在跨站脚本(XSS)漏洞。这使得远程攻击者可以借助于参数(1)currDir或(2)image执行任意Web脚本或HTML。

source: http://www.securityfocus.com/bid/14570/info

My Image Gallery is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input.

An attacker can exploit these vulnerabilities to inject html and script code into the Web browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials. Other attacks are also possible. 

http://www.example.com/[path]/index.php?currDir=./<script>alert(document.cookie)</script>
http://www.example.com/index.php?currDir=./test&pageType=image&image=<script>alert(document.cookie)</script>

来源:BID
名称:14570
链接:http://www.securityfocus.com/bid/14570
来源:OSVDB
名称:18741
链接:http://www.osvdb.org/18741
来源:VUPEN
名称:ADV-2005-1432
链接:http://www.frsirt.com/english/advisories/2005/1432
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=349348
来源:MISC
链接:http://secwatch.org/advisories/secwatch/20050813_Mig.txt
来源:SECUNIA
名称:16405
链接:http://secunia.com/advisories/16405