K-Gen

#51024 of 53,624
4.3 Total CVSS
Vulnerabilities · 1
PT-2005-4273
4.3
2005-11-03
Microsoft · Internet Explorer · CVE-2005-3477
**Name of the Vulnerable Software and Affected Versions**

Invision Gallery version 2.0.3

**Description**

The issue arises from a multiple interpretation error in the image upload handling code, allowing remote attackers to conduct cross-site scripting (XSS) attacks. This occurs when an image with a mismatch between its type and extension is uploaded, and then rendered by Internet Explorer, potentially due to its handling of such files.

**Recommendations**

For Invision Gallery version 2.0.3, consider validating image types to ensure they match their extensions before upload to prevent potential cross-site scripting attacks. As a temporary workaround, restrict the upload of images with mismatched types and extensions until a proper fix is implemented.