CVE-2011-4624

Name of the Vulnerable Software and Affected Versions GRAND FlAGallery plugin (flash-album-gallery) versions prior to 1.57

Description The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML. The vulnerability is exploited via the i parameter.

Recommendations For versions prior to 1.57, update to version 1.57 or later to resolve the issue. As a temporary workaround, consider restricting access to the facebook.php file in the GRAND FlAGallery plugin until a patch is applied. Avoid using the i parameter in the affected plugin until the issue is resolved.