CVE-2008-4130

2008-09-1820:00:03

CWE-79

mitre

web.nvd.nist.gov

cve-2008-4130

cross-site scripting

xss

gallery 2.x

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.003

Percentile

69.9%

JSON

Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to “interact with the embedding page.”

Affected configurations

Nvd

Node

gallerygalleryRange≤2.2.5

gallerygalleryMatch2.2.0

gallerygalleryMatch2.2.1

gallerygalleryMatch2.2.2

gallerygalleryMatch2.2.3

gallerygalleryMatch2.2.4

VendorProductVersionCPE
gallerygallery*cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*
gallerygallery2.2.0cpe:2.3:a:gallery:gallery:2.2.0:*:*:*:*:*:*:*
gallerygallery2.2.1cpe:2.3:a:gallery:gallery:2.2.1:*:*:*:*:*:*:*
gallerygallery2.2.2cpe:2.3:a:gallery:gallery:2.2.2:*:*:*:*:*:*:*
gallerygallery2.2.3cpe:2.3:a:gallery:gallery:2.2.3:*:*:*:*:*:*:*
gallerygallery2.2.4cpe:2.3:a:gallery:gallery:2.2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gallery	gallery	*	cpe:2.3:a:gallery:gallery::::::::
gallery	gallery	2.2.0	cpe:2.3:a:gallery:gallery:2.2.0:::::::*
gallery	gallery	2.2.1	cpe:2.3:a:gallery:gallery:2.2.1:::::::*
gallery	gallery	2.2.2	cpe:2.3:a:gallery:gallery:2.2.2:::::::*
gallery	gallery	2.2.3	cpe:2.3:a:gallery:gallery:2.2.3:::::::*
gallery	gallery	2.2.4	cpe:2.3:a:gallery:gallery:2.2.4:::::::*