Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote malicious users to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gallery project gallery 2.0_alpha |
||
gallery project gallery 2.0_alpha1 |
||
gallery project gallery 2.0_alpha2 |
||
gallery project gallery 2.0_alpha3 |
||
gallery project gallery 2.0 |
||
gallery project gallery 2.0_alpha4 |
||
gallery project gallery 2.0_beta1 |
||
gallery project gallery 2.0.1 |
||
gallery project gallery 2.0.2 |
||
gallery project gallery 2.0_beta2 |
||
gallery project gallery 2.0_beta3 |