Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200411-10
HistoryNov 06, 2004 - 12:00 a.m.

Gallery: Cross-site scripting vulnerability

2004-11-0600:00:00
Gentoo Foundation
security.gentoo.org
18

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.049

Percentile

92.8%

JSON

Background

Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers.

Description

Jim Paris has discovered a cross-site scripting vulnerability in Gallery.

Impact

By sending a carefully crafted URL, an attacker can inject and execute script code in the victim’s browser window, and potentially compromise the users gallery.

Workaround

There is no known workaround at this time.

Resolution

All Gallery users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.4.4_p4"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-apps/gallery< 1.4.4_p4UNKNOWN

Related

openvas 6
nessus 4
osv 1
cve 1
debian 2
cvelist 1
nvd 1
freebsd 1
openvas
openvas
Gentoo Security Advisory GLSA 200411-10 (gallery)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-642-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 642-1 (gallery)
2008-01-17 00:00:00
nessus
nessus
GLSA-200411-10 : Gallery: XSS vulnerability
2004-11-07 00:00:00
Gallery Unspecified HTML Injection
2004-11-04 00:00:00
Debian DSA-642-1 : gallery - several vulnerabilities
2005-01-17 00:00:00
osv
osv
gallery - several
2005-01-17 00:00:00
cve
cve
CVE-2004-1106
2005-01-10 05:00:00
debian
debian
[SECURITY] [DSA 642-1] New gallery packages fix several vulnerabilities
2005-01-17 15:21:39
[SECURITY] [DSA 642-1] New gallery packages fix several vulnerabilities
2005-01-17 15:21:39
cvelist
cvelist
CVE-2004-1106
2004-12-01 05:00:00
nvd
nvd
CVE-2004-1106
2005-01-10 05:00:00
freebsd
freebsd
gallery -- cross-site scripting
2005-01-26 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.049

Percentile

92.8%

JSON
Related for GLSA-200411-10
openvas6nessus4osv1cve1debian2cvelist1nvd1freebsd1