Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Gallery v1.3.3 Cross Site Scripting Vulnerabillity

From: "Bharat Mediratta" <bharat () menalto com>
Date: Tue, 30 Dec 2003 11:55:16 -0800
From: "The-Insider" <nuritrv18 () bezeqint net>
...

#######################################################################

Application:    Gallery
Vendors:
http://gallery.sourceforge.net
http://gallery.menalto.com
Versions:        <= 1.3.3
Platforms:       Windows/Unix
Bug:                 Cross Site Scripting Vulnerabillity
Risk:                Low
Exploitation:   Remote with browser
Date:               30 Dec 2003
Author:            Rafel Ivgi, The-Insider
e-mail:             the_insider () mail com
web:                http://theinsider.deep-ice.com


5 points for finding a security flaw.  -500 for not contacting us first,
because then we could
have told you that this flaw was fixed in Gallery v1.3.4-pl1, released July
27 2002 and
you could have included that information in your security advisory.

For complete details on the bug and the bug fix, including a patch, please
read
this story on our web site:

http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82

By the way, this bug affects all versions of Gallery from v1.1 to v1.3.4 so
if you're running
one of those versions of Gallery we strongly advise you to either apply the
patch in the
above news story, or upgrade to the latest version of Gallery from here:

    http://gallery.sf.net/download.php

-Bharat
Gallery Project Lead
Previous By Date Next
Previous By Thread Next

Current thread: