# Cross-site Scripting in gamma.js of GammaGallery
## Author: TuanNQ (https://github.com/tuannq2299)
## Vendor: https://github.com/codrops/GammaGallery
## Description:
The value of any parameter added to the URL query string is evaluated as JavaScript, so a crafted URL results in a reflected XSS vulnerability.
## Demo page (https://tympanus.net/Development/GammaGallery/)

Add any parameter to the URL query string; its value is then executed as the payload.
```
https://tympanus.net/Development/GammaGallery/?abc=prompt(origin)
```
## Root cause

The root cause of this vulnerability is the logic at L62-L65 of `/js/gamma.js`. There, every parameter in the URL query string is extracted, and each value is passed to `eval()` (L65). In the demo this is what executes the `prompt()` call.
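As an added example (not code from GammaGallery or its author), the following shows how gallery options can be read from the query string without `eval()`: a value is accepted only when its key is in a declared schema and the string coerces to the declared type, so `?abc=prompt(origin)` stays an inert string. The option names and limits in `OPTION_SCHEMA` are hypothetical.

```javascript
// Hardened query-string option parser: a replacement for passing raw URL
// parameter values to eval(). Option names and limits are hypothetical.
const OPTION_SCHEMA = {
  columns: { type: "number", min: 1, max: 12 },
  pageSize: { type: "number", min: 1, max: 200 },
  viewportAware: { type: "boolean" },
  layout: { type: "enum", values: ["grid", "masonry"] },
};

// Coerce one raw string value according to its schema entry.
// Returns undefined when the value does not fit the declared type.
function coerce(raw, spec) {
  switch (spec.type) {
    case "number": {
      if (!/^-?\d+(\.\d+)?$/.test(raw)) return undefined;
      const n = Number(raw);
      if (n < spec.min || n > spec.max) return undefined;
      return n;
    }
    case "boolean":
      if (raw === "true") return true;
      if (raw === "false") return false;
      return undefined;
    case "enum":
      return spec.values.includes(raw) ? raw : undefined;
    default:
      return undefined;
  }
}

// Parse a location.search string (e.g. "?columns=4&abc=prompt(origin)")
// into a plain options object. Values are never evaluated as code; unknown
// keys and ill-typed values are dropped and returned for logging.
function parseGalleryOptions(search) {
  const params = new URLSearchParams(search);
  const options = {};
  const rejected = [];
  for (const [key, raw] of params) {
    // hasOwnProperty guard: keys like "constructor" must not match
    // inherited Object properties.
    const spec = Object.prototype.hasOwnProperty.call(OPTION_SCHEMA, key)
      ? OPTION_SCHEMA[key]
      : undefined;
    const value = spec ? coerce(raw, spec) : undefined;
    if (value === undefined) rejected.push({ key, raw });
    else options[key] = value;
  }
  return { options, rejected };
}
```

The `rejected` list is what a defender would log: a key such as `abc` with a value like `prompt(origin)` is a useful signal that someone is probing the page.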