Lucene search

K
cveMitreCVE-2006-1127
HistoryMar 09, 2006 - 10:02 p.m.

CVE-2006-1127

2006-03-0922:02:00
mitre
web.nvd.nist.gov
43
cve
2006
1127
xss
vulnerability
gallery 2
remote attackers
web script
html
x-forwarded-for
x_forwarded_for
http header

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.005

Percentile

76.1%

Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.

Affected configurations

Nvd
Node
gallery_projectgalleryMatch2.0
OR
gallery_projectgalleryMatch2.0.1
OR
gallery_projectgalleryMatch2.0.2
OR
gallery_projectgalleryMatch2.0_alpha
OR
gallery_projectgalleryMatch2.0_alpha1
OR
gallery_projectgalleryMatch2.0_alpha2
OR
gallery_projectgalleryMatch2.0_alpha3
OR
gallery_projectgalleryMatch2.0_alpha4
OR
gallery_projectgalleryMatch2.0_beta1
OR
gallery_projectgalleryMatch2.0_beta2
OR
gallery_projectgalleryMatch2.0_beta3
VendorProductVersionCPE
gallery_projectgallery2.0cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*
gallery_projectgallery2.0.1cpe:2.3:a:gallery_project:gallery:2.0.1:*:*:*:*:*:*:*
gallery_projectgallery2.0.2cpe:2.3:a:gallery_project:gallery:2.0.2:*:*:*:*:*:*:*
gallery_projectgallery2.0_alphacpe:2.3:a:gallery_project:gallery:2.0_alpha:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha1cpe:2.3:a:gallery_project:gallery:2.0_alpha1:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha2cpe:2.3:a:gallery_project:gallery:2.0_alpha2:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha3cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha4cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*
gallery_projectgallery2.0_beta1cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*
gallery_projectgallery2.0_beta2cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*
Rows per page:
1-10 of 111

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.005

Percentile

76.1%