PT-2005-4273 · Microsoft+1 · Internet Explorer+1

K-Gen · Published 2005-11-03 · Updated 2008-09-05 · CVE-2005-3477

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Invision Gallery version 2.0.3

Description: The issue arises from a multiple interpretation error in the image upload handling code, which allows remote attackers to conduct cross-site scripting (XSS) attacks. It occurs when an image whose type does not match its file extension is uploaded and then rendered by Internet Explorer, potentially because of how Internet Explorer handles such files.

Recommendations: For Invision Gallery version 2.0.3, consider validating image types to ensure they match their extensions before upload, to prevent potential cross-site scripting attacks. As a temporary workaround, restrict the upload of images with mismatched types and extensions until a proper fix is implemented.
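
One way to implement the type-versus-extension check recommended above, as an added example in Python (not Invision Gallery's code). The function names, the accepted image types and the sample uploads are assumptions constructed for illustration.

```python
import os

# Leading byte signatures for the image types this example accepts.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# File extensions permitted for each detected type.
EXTENSIONS = {
    "jpeg": {".jpg", ".jpeg"},
    "png": {".png"},
    "gif": {".gif"},
}


def sniff_image_type(data: bytes):
    """Return the image type indicated by the leading bytes, or None.

    Only the signature is inspected; the rest of the file is not parsed.
    """
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return None


def check_upload(filename: str, data: bytes):
    """Return (accepted, detail): accept only if content and extension agree."""
    kind = sniff_image_type(data)
    if kind is None:
        return False, "content is not a recognised image"
    # Use the final extension only, so "a.png.html" is judged as ".html".
    ext = os.path.splitext(filename)[1].lower()
    if ext not in EXTENSIONS[kind]:
        return False, f"extension {ext!r} does not match {kind} content"
    return True, kind


if __name__ == "__main__":
    # Constructed sample uploads: (filename, leading bytes of the file).
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("photo.jpg", b"GIF89a" + b"\x00" * 8),
        ("notes.gif", b"plain text, not an image"),
    ]
    for name, body in samples:
        print(name, check_upload(name, body))
```
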


Related identifiers

CVE-2005-3477

Affected products

Internet Explorer
Invision Gallery