phpalbum persistent XSS vulnerability

Project: phpAlbum.net
Version: 0.4.1-14
Component: Code
Category: bug
Priority: critical
Assigned: Hari12
Status: new
Description

Attackers can post malicious script in the "Username" option. For example, an iframe for spreading malware.
Also, the cookies show the MD5 hash, which also has to be fixed.

Image 1: http://i55.tinypic.com/5x5t95.png (Script in user profile)

Image 2: http://i53.tinypic.com/s6oemw.png (script can also execute while commenting or while using the "write E-Card" option)

Hope the bugs will be fixed asap..

Thank you
For more information, mail me: hari_kris02@yahoo.com
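
One way to close the hole this report describes, added here as an example and not phpAlbum's own code: the username is allow-list validated when it is saved and HTML-encoded at each of the three output points the report names (profile, comment, e-card). All function names, the markup and the sample inputs are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; phpAlbum's real function names are not shown in the report.

/** Validate a username at write time: allow-list, reject everything else. */
function validate_username(string $raw): ?string
{
    $name = trim($raw);
    // Letters, digits, space, dot, underscore, hyphen; 3-32 characters.
    return preg_match('/\A[\p{L}\p{N} ._-]{3,32}\z/u', $name) === 1 ? $name : null;
}

/** Encode for HTML element content and quoted attribute values. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** The three output points named in the report, each encoding at render time. */
function render_profile(string $username): string
{
    return '<h2 class="user">' . h($username) . '</h2>';
}

function render_comment(string $username, string $text): string
{
    return '<div class="comment"><b>' . h($username) . '</b>: ' . nl2br(h($text)) . '</div>';
}

function render_ecard_sender(string $username): string
{
    return '<input type="text" name="sender" value="' . h($username) . '" readonly>';
}

// Constructed sample input: a benign name and one carrying markup.
$samples = ['Hari 12', '<iframe src="//example.invalid/"></iframe>'];

foreach ($samples as $raw) {
    $ok = validate_username($raw);
    echo ($ok === null ? 'rejected at signup: ' : 'accepted: '), h($raw), PHP_EOL;
    // Legacy rows may already hold markup, so rendering must encode regardless.
    echo render_profile($raw), PHP_EOL;
    echo render_comment($raw, "nice album\nthanks"), PHP_EOL;
    echo render_ecard_sender($raw), PHP_EOL;
}
```

Validation on write only stops new bad values; encoding on output is what neutralises usernames already stored in the database.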

