MidnightBSD

Advisories for galleryproject

CVE-2013-2087 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movies.php or (2) key variable to modules/gallery/views/error_admin.html.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
galleryproject gallery 3.0.3
galleryproject gallery 3.0.6
galleryproject gallery 3.0.2
galleryproject gallery 3.0.5
galleryproject gallery 3.0
galleryproject gallery 3.0.4
galleryproject gallery 3.0.1