2 matches found
CVE-2008-2449
CVE-2008-2449 corresponds to multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan’s phpInstantGallery 2.0. The flaws allow remote attackers to inject arbitrary web script or HTML via the gallery parameter to index.php and image.php, and via the imgnum parameter to image.php. The v...
CVE-2009-4446
CVE-2009-4446 describes an XSS in phpInstantGallery 1.1 (admin.php) exploitable via PATH_INFO. Exploitation by remote attackers is possible without authentication; impacts include partial integrity breach and no confidentiality/availability effects per CVSS? (Base 4.3, MEDIUM). Connected document...