Vulnerability Details CVE-2003-0614
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 89.0%
CVSS Severity
CVSS v2 Score 4.3
References
- http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0
- http://marc.info/?l=bugtraq&m=106252092421469&w=2
- http://www.debian.org/security/2003/dsa-355
- http://www.securityfocus.com/archive/1/330676
- http://www.securityfocus.com/archive/1/348641/30/21790/threaded
- http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0
- http://marc.info/?l=bugtraq&m=106252092421469&w=2
- http://www.debian.org/security/2003/dsa-355
- http://www.securityfocus.com/archive/1/330676
- http://www.securityfocus.com/archive/1/348641/30/21790/threaded
Products affected by CVE-2003-0614
-
cpe:2.3:a:gallery_project:gallery:1.1
-
cpe:2.3:a:gallery_project:gallery:1.2
-
cpe:2.3:a:gallery_project:gallery:1.2.1
-
cpe:2.3:a:gallery_project:gallery:1.2.1_p1
-
cpe:2.3:a:gallery_project:gallery:1.2.2
-
cpe:2.3:a:gallery_project:gallery:1.2.3
-
cpe:2.3:a:gallery_project:gallery:1.2.4
-
cpe:2.3:a:gallery_project:gallery:1.2.5
-
cpe:2.3:a:gallery_project:gallery:1.3
-
cpe:2.3:a:gallery_project:gallery:1.3.1
-
cpe:2.3:a:gallery_project:gallery:1.3.2
-
cpe:2.3:a:gallery_project:gallery:1.3.3
-
cpe:2.3:a:gallery_project:gallery:1.3.4