CVE-2006-1127

Name of the Vulnerable Software and Affected Versions Gallery 2 versions up to 2.0.2

Description The issue allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header, which is not properly handled when adding a comment to an album. This is due to a cross-site scripting (XSS) vulnerability.

Recommendations For Gallery 2 versions up to 2.0.2, as a temporary workaround, consider restricting access to the album comment feature until a patch is available. Avoid using the X FORWARDED FOR HTTP header in the affected functionality to minimize the risk of exploitation.