Vulnerable to cross-site-scripting (XSS) in PHP_SELF

[JaneX8]

At least the following two lines are vulnerable to cross-site-scripting (XSS):

• cms/cms/ctrls/imguploadcrop.php

  Line 401 in 46378ac

  <form name="thumbnail" action="<?php echo $_SERVER["PHP_SELF"];?>?ctrl=imguploadcrop&tipo=<?php echo $tipo_conteudo; ?>&upload_key=<?php echo $upload_key; ?>&tw=<?php echo $thumb_width; ?>&th=<?php echo $thumb_height; ?>" method="post">

• cms/cms/ctrls/imguploadcrop.php

  Line 414 in 46378ac

  <form name="photo" enctype="multipart/form-data" action="<?php echo $_SERVER["PHP_SELF"];?>?ctrl=imguploadcrop&tipo=<?php echo $tipo_conteudo; ?>&upload_key=<?php echo $upload_key; ?>&tw=<?php echo $thumb_width; ?>&th=<?php echo $thumb_height; ?>" method="post">

For example by visiting the page with URL path /'"/><script>alert(1)</script> the $_SERVER["PHP_SELF"] value will print the URL path unfiltered and allow cross-site-scripting (XSS).