| VID |
21964 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Gallery software, according to its version number, has a cross-site scripting vulnerability via the EXIF data. Gallery is a Web-based photo album program written in PHP. Gallery version 1.5.1-RC2 and earlier versions are vulnerable to a cross-site scripting vulnerability via EXIF data, such as the Camera Model Tag. This vulnerability could allow a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
* Note: This check solely relied on the version number of Gallery on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://marc.theaimsgroup.com/?l=bugtraq&m=112511025414488&w=2
http://sourceforge.net/project/shownotes.php?release_id=352576
http://secunia.com/advisories/16594/
http://secunia.com/advisories/21502
http://securitytracker.com/id?1014800
* Platforms Affected:
Bharat Mediratta, Gallery version 1.5.1-RC2 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Gallery (1.5.1 or later), available from the Gallery Project Page Web site at http://gallery.menalto.com/wiki/Download |
| Related URL |
CVE-2005-2734 (CVE) |
| Related URL |
14668 (SecurityFocus) |
| Related URL |
(ISS) |
|
