CVE-2015-2275

Name of the Vulnerable Software and Affected Versions WoltLab Community Gallery version 2.0 before 2014-12-26

Description The issue allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a "saveImageData" action to "index.php/AJAXProxy". This is a cross-site scripting (XSS) issue.

Recommendations For WoltLab Community Gallery version 2.0 before 2014-12-26, update to a version released after 2014-12-26 to resolve the issue. As a temporary workaround, consider restricting access to the "saveImageData" action in "index.php/AJAXProxy" to minimize the risk of exploitation. Avoid using the parameters[data][7][title] parameter in the affected API endpoint until the issue is resolved.