The host is installed with Wordpress Photocrati theme and is prone to cross-site scripting vulnerability.

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

No solution or patch is available as of 22th January, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer http://www.photocrati.com/

Flaw exists as input passed via the 'prod_id' GET parameter to /photocrati-theme/photocrati-gallery/ecomm-sizes.php script is not properly sanitised before being returned to the user.

Wordpress Photocrati theme version 4.7.3. Other versions may also be affected.

Send a crafted request via HTTP GET and check whether it is able to read cookie or not.

• http://osvdb.org/102717
• http://packetstormsecurity.com/files/124986
• http://secunia.com/advisories/56690
• http://xforce.iss.net/xforce/xfdb/90812

---

Updated on 2015-03-25