QwikSec

Security Database

CVE

CWE

Training

CVE-2005-0219

Published: Feb 6, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability

mailing-list

x_refsource_BUGTRAQ

gallery-multiple-scripts-xss(43473)

vdb-entry

x_refsource_XF

20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability

mailing-list

x_refsource_VULNWATCH

http://theinsider.deep-ice.com/texts/advisory69.txt

x_refsource_MISC

gallery-multiple-xss(18938)

vdb-entry

x_refsource_XF

http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.