Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1106

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-1106
Last Modified 05 Sep 2008 04:40:24
Published 10 Jan 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1106

Summary

Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.

Vulnerable Systems

Operating System

  • Gentoo Linux

Application

  • Gallery Project Gallery 1.4

  • Gallery Project Gallery 1.4 Pl1

  • Gallery Project Gallery 1.4 Pl2

  • Gallery Project Gallery 1.4.1

  • Gallery Project Gallery 1.4.2

  • Gallery Project Gallery 1.4.3 Pl1

  • Gallery Project Gallery 1.4.3 Pl2


References

XF - gallery-script-xss(17948)

BID - 11602

GENTOO - GLSA-200411-10

DEBIAN - DSA-642

CONFIRM - http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=142&mode=thread&order=0&thold=0

MISC - http://g3cko.info/gallery2-4.patch


Last Updated: 27 May 2016 10:38:54