PT-2008-5429 · Gallery · Gallery
Alex Ustinov
·
Published
2008-09-18
·
Updated
2017-08-08
·
CVE-2008-4130
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Gallery 2.x versions prior to 2.2.6
Description
A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation. This is related to the ability of the animation to interact with the embedding page.
Recommendations
For Gallery 2.x versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of Flash animations to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gallery