Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.
https://exchange.xforce.ibmcloud.com/vulnerabilities/51470
http://www.securityfocus.com/bid/35342