CVE-2008-6988

Name of the Vulnerable Software and Affected Versions Easy Photo Gallery version 2.1

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the galleryid parameter to "gallery.php", and the size or imageid parameters to "show.php".

Recommendations For Easy Photo Gallery version 2.1, consider restricting access to the "gallery.php" and "show.php" scripts until a patch is available. As a temporary workaround, avoid using the galleryid, size, and imageid parameters in the affected scripts.