PT-2005-1300 · Gallery · Gallery
Rafel Ivgi +1 · Published 2005-02-06 · Updated 2017-07-11 · CVE-2005-0219
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Gallery version 1.3.4-pl1
Description
The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various fields in different scripts, including the index field in add_comment.php, the set_albumName, slide_index, slide_full, slide_loop, slide_pause and slide_dir fields in slideshow_low.php, or the username field in search.php.
Recommendations
For Gallery version 1.3.4-pl1, consider disabling the affected scripts (add_comment.php, slideshow_low.php, search.php) or restricting access to them until a patch is available. Avoid using the vulnerable fields (index, set_albumName, slide_index, slide_full, slide_loop, slide_pause, slide_dir, username) in the respective scripts to minimize the risk of exploitation.
Fix
Related identifiers
Affected products
Gallery