CVE-2008-1296

Name of the Vulnerable Software and Affected Versions EncapsGallery version 1.11.2

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved by injecting malicious input via the file parameter to specific API endpoints, such as "watermark.php" and "catalog watermark.php" in the core directory.

Recommendations For EncapsGallery version 1.11.2, as a temporary workaround, consider restricting access to the "watermark.php" and "catalog watermark.php" files in the core directory to minimize the risk of exploitation. Avoid using the file parameter in these API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.