Gallery · Gallery · CVE-2008-4130
**Name of the Vulnerable Software and Affected Versions**
Gallery 2.x versions prior to 2.2.6
**Description**
A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation. This is related to the ability of the animation to interact with the embedding page.
**Recommendations**
For Gallery 2.x versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of Flash animations to minimize the risk of exploitation.