CVE-2007-2098

Name of the Vulnerable Software and Affected Versions Wabbit PHP Gallery version 0.9

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the pic and gal parameters in the showpic.php file.

Recommendations For Wabbit PHP Gallery version 0.9, consider validating and sanitizing user input for the pic and gal parameters to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to the showpic.php file until a patch is available.