Lucene search

MitreCVE-2005-0219

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0219

2005-05-0204:00:00

mitre

web.nvd.nist.gov

725

cve-2005-0219

cross-site scripting

xss

gallery

security vulnerability

web script injection

html injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php.

Affected configurations

Nvd

Node

gallery_projectgalleryMatch1.3.4_pl1

VendorProductVersionCPE
gallery_projectgallery1.3.4_pl1cpe:2.3:a:gallery_project:gallery:1.3.4_pl1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gallery_project	gallery	1.3.4_pl1	cpe:2.3:a:gallery_project:gallery:1.3.4_pl1:::::::*

References

archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html

gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147

marc.info/?l=bugtraq&m=110608459222364&w=2

theinsider.deep-ice.com/texts/advisory69.txt

exchange.xforce.ibmcloud.com/vulnerabilities/18938

exchange.xforce.ibmcloud.com/vulnerabilities/43473

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Related for CVE-2005-0219