Bugtraq mailing list archives
Re: Gallery v1.3.3 Cross Site Scripting Vulnerability
From: "Bharat Mediratta" <bharat () menalto com>
Date: Tue, 30 Dec 2003 11:55:16 -0800
From: "The-Insider" <nuritrv18 () bezeqint net> ...
#######################################################################
Application:  Gallery
Vendors:      http://gallery.sourceforge.net
              http://gallery.menalto.com
Versions:     <= 1.3.3
Platforms:    Windows/Unix
Bug:          Cross Site Scripting Vulnerability
Risk:         Low
Exploitation: Remote with browser
Date:         30 Dec 2003
Author:       Rafel Ivgi, The-Insider
e-mail:       the_insider () mail com
web:          http://theinsider.deep-ice.com
5 points for finding a security flaw. -500 for not contacting us first, because then we could have told you that this flaw was fixed in Gallery v1.3.4-pl1, released July 27 2002 and you could have included that information in your security advisory.

For complete details on the bug and the bug fix, including a patch, please read this story on our web site:

http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82

By the way, this bug affects all versions of Gallery from v1.1 to v1.3.4 so if you're running one of those versions of Gallery we strongly advise you to either apply the patch in the above news story, or upgrade to the latest version of Gallery from here:

http://gallery.sf.net/download.php

-Bharat
Gallery Project Lead