Vulnerability Details CVE-2003-0614
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.06
EPSS Ranking 90.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0
- http://marc.info/?l=bugtraq&m=106252092421469&w=2
- http://www.debian.org/security/2003/dsa-355
- http://www.securityfocus.com/archive/1/330676
- http://www.securityfocus.com/archive/1/348641/30/21790/threaded
- http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0
- http://marc.info/?l=bugtraq&m=106252092421469&w=2
- http://www.debian.org/security/2003/dsa-355
- http://www.securityfocus.com/archive/1/330676
- http://www.securityfocus.com/archive/1/348641/30/21790/threaded
Products affected by CVE-2003-0614
-
cpe:2.3:a:gallery_project:gallery:1.1
-
cpe:2.3:a:gallery_project:gallery:1.2
-
cpe:2.3:a:gallery_project:gallery:1.2.1
-
cpe:2.3:a:gallery_project:gallery:1.2.1_p1
-
cpe:2.3:a:gallery_project:gallery:1.2.2
-
cpe:2.3:a:gallery_project:gallery:1.2.3
-
cpe:2.3:a:gallery_project:gallery:1.2.4
-
cpe:2.3:a:gallery_project:gallery:1.2.5
-
cpe:2.3:a:gallery_project:gallery:1.3
-
cpe:2.3:a:gallery_project:gallery:1.3.1
-
cpe:2.3:a:gallery_project:gallery:1.3.2
-
cpe:2.3:a:gallery_project:gallery:1.3.3
-
cpe:2.3:a:gallery_project:gallery:1.3.4