Lucene search
Gentoo FoundationGLSA-200501-45HistoryJan 30, 2005 - 12:00 a.m.
Gallery: Cross-site scripting vulnerability
2005-01-3000:00:00
Gentoo Foundation
security.gentoo.org
17
0.017 Low
EPSS
Percentile
87.7%
Background
Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers.
Description
Rafel Ivgi has discovered a cross-site scripting vulnerability where the ‘username’ parameter is not properly sanitized in ‘login.php’.
Impact
By sending a carefully crafted URL, an attacker can inject and execute script code in the victim’s browser window, and potentially compromise the user’s gallery.
Workaround
There is no known workaround at this time.
Resolution
All Gallery users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gallery-1.4.4_p6"
Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | www-apps/gallery | < 1.4.4_p6 | UNKNOWN |
Related
openvas
openvas
Gentoo Security Advisory GLSA 200501-45 (gallery)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200501-45 (gallery)
2008-09-24 00:00:00
FreeBSD Ports: gallery
2008-09-04 00:00:00
cvelist
cvelist
CVE-2005-0220
2005-02-06 05:00:00
ubuntucve
ubuntucve
CVE-2005-0220
2005-05-02 00:00:00
cve
cve
CVE-2005-0220
2005-05-02 04:00:00
nessus
nessus
Gallery login.php username Parameter XSS
2005-01-18 00:00:00
GLSA-200501-45 : Gallery: XSS vulnerability
2005-02-14 00:00:00
FreeBSD : gallery -- XSS (5752a0df-60c5-4876-a872-f12f9a02fa05)
2005-07-13 00:00:00
freebsd
freebsd
gallery -- cross-site scripting
2005-01-26 00:00:00