Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200601-13
HistoryJan 26, 2006 - 12:00 a.m.

Gallery: Cross-site scripting vulnerability

2006-01-2600:00:00
Gentoo Foundation
security.gentoo.org
7

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.5%

JSON

Background

Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers.

Description

Peter Schumacher discovered that Gallery fails to sanitize the fullname set by users, possibly leading to a cross-site scripting vulnerability.

Impact

By setting a specially crafted fullname, an attacker can inject and execute script code in the victim’s browser window and potentially compromise the user’s gallery.

Workaround

There is no known workaround at this time.

Resolution

All Gallery users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.5.2"

Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.

OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-apps/gallery< 1.5.2UNKNOWN

Related

openvas 4
nessus 2
cve 1
prion 1
osv 1
debian 1
openvas
openvas
Gentoo Security Advisory GLSA 200601-13 (gallery)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200601-13 (gallery)
2008-09-24 00:00:00
Debian Security Advisory DSA 1148-1 (gallery)
2008-01-17 00:00:00
nessus
nessus
GLSA-200601-13 : Gallery: XSS vulnerability
2006-01-29 00:00:00
Debian DSA-1148-1 : gallery - several vulnerabilities
2006-10-14 00:00:00
cve
cve
CVE-2006-0330
2006-01-21 00:03:00
prion
prion
Cross site scripting
2006-01-21 00:03:00
osv
osv
gallery - several vulnerabilities
2006-08-09 00:00:00
debian
debian
[SECURITY] [DSA 1148-1] New gallery packages fix several vulnerabilities
2006-08-09 21:27:02

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.5%

JSON
Related for GLSA-200601-13
openvas4nessus2cve1prion1osv1debian1