Gallery Project: >> Gallery >> 1.3.4 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVSS Score
4.3
EPSS Score
0.005
Published
2006-04-11
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
CVSS Score
6.5
EPSS Score
0.022
Published
2006-02-08
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
CVSS Score
4.3
EPSS Score
0.013
Published
2006-01-21
User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-08-17
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
CVSS Score
4.3
EPSS Score
0.06
Published
2003-08-27