Gallery Project : Security Vulnerabilities, CVEs, Published In 2005 (XSS)
Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
Max CVSS
4.3
EPSS Score
0.49%
Published
2005-08-30
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field.
Max CVSS
4.3
EPSS Score
0.92%
Published
2005-01-17
Updated
2017-07-11
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.
Max CVSS
5.0
EPSS Score
1.68%
Published
2005-05-02
Updated
2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php.
Max CVSS
4.3
EPSS Score
0.41%
Published
2005-05-02
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
Max CVSS
6.8
EPSS Score
4.88%
Published
2005-01-10
Updated
2017-07-11
5 vulnerabilities found