CVE-2008-4130

Name of the Vulnerable Software and Affected Versions Gallery 2.x versions prior to 2.2.6

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation. This is related to the ability of the animation to interact with the embedding page.

Recommendations For Gallery 2.x versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of Flash animations to minimize the risk of exploitation.