CVE-2005-4245

Name of the Vulnerable Software and Affected Versions Snipe Gallery versions 3.1.4 and earlier

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the keyword parameter in the "search.php" endpoint.

Recommendations For Snipe Gallery versions 3.1.4 and earlier, update to a version later than 3.1.4 to resolve the issue. As a temporary workaround, consider restricting access to the search.php endpoint or sanitizing the keyword parameter to prevent malicious input.