CVE-2008-6211

Name of the Vulnerable Software and Affected Versions mcGallery version 1.1

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the lang parameter to several API endpoints, including "admin.php", "index.php", "sess.php", "stats.php", "detail.php", "resize.php", and "show.php".

Recommendations For mcGallery version 1.1, consider restricting access to the lang parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the lang parameter in the mentioned endpoints to minimize the risk of exploitation.