CVE-2006-3563

Name of the Vulnerable Software and Affected Versions Winged Gallery version 1.0

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the image parameter in the /gallery/thumb.php API endpoint.

Recommendations For Winged Gallery version 1.0, consider restricting access to the /gallery/thumb.php endpoint until a patch is available, and avoid using the image parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.