Ez Album suffers from a persistent cross-site scripting vulnerability.
/*
Ez Album (XSS) Script Injection Vulnerability
Discovered by : MizoZ
Contact : mizozx@gmail.com
Date : July 29 2009
Greetings : Moudi , Zuka, All friends
*/
HTML and script content can be injected through the add-comment form: not in
the comment field, but in the name input.
Example: http://www.ajaxez.com/album/index.php?action=view&id=1242082839 #
you can see an alert of 1
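The fix for this class of bug is to encode the stored name at output time, the same way the comment text is handled. The following is an added example, not Ez Album's code: the record layout, field names and function names are assumptions made for illustration, and the sample records are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample records. The 'name' and 'comment' keys are assumed,
// not taken from Ez Album's actual storage format.
$comments = [
    ['name' => '<script>alert(1)</script>', 'comment' => 'Nice photo'],
    ['name' => 'Alice', 'comment' => 'Taken in 2009?'],
];

// Encode a value for an HTML text or quoted-attribute context.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Input-side check (defence in depth only): bound the length and reject
// control characters. Output encoding is what actually stops the XSS.
function normalize_name(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || strlen($name) > 64) {
        return null;
    }
    return preg_match('/[\x00-\x1F\x7F]/', $name) ? null : $name;
}

// Pattern matching the advisory: the comment is encoded, the name is not,
// so markup stored in the name field is served to every viewer.
function render_vulnerable(array $c): string
{
    return '<p><b>' . $c['name'] . '</b>: ' . h($c['comment']) . '</p>';
}

// Hardened form: every stored field is encoded when it is written out.
function render_safe(array $c): string
{
    return '<p><b>' . h($c['name']) . '</b>: ' . h($c['comment']) . '</p>';
}

foreach ($comments as $c) {
    echo render_safe($c), "\n";
}
```

With `render_safe`, the first record's name is emitted as `&lt;script&gt;alert(1)&lt;/script&gt;` and displays as literal text instead of executing.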