GalleryCMS is a free image gallery CMS based on the CodeIgniter 2.1 framework from Aaron Benson, a US-based individual developer. GalleryCMS v2.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation in the album_name parameter in /index.php/album/add for user-supplied data and output data validation filtering. An attacker could exploit this vulnerability to execute JavaScript code on the client side.