1. CVE-Search
  2. CVE-2004-1106
ID CVE-2004-1106
Summary Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
References
Vulnerable Configurations
  • cpe:2.3:a:gallery_project:gallery:1.4.3_pl2:*:*:*:*:*:*:*
    cpe:2.3:a:gallery_project:gallery:1.4.3_pl2:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:1.4_pl1:*:*:*:*:*:*:*
    cpe:2.3:a:gallery_project:gallery:1.4_pl1:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gallery_project:gallery:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gallery_project:gallery:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:1.4.3_pl1:*:*:*:*:*:*:*
    cpe:2.3:a:gallery_project:gallery:1.4.3_pl1:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:1.4_pl2:*:*:*:*:*:*:*
    cpe:2.3:a:gallery_project:gallery:1.4_pl2:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 11602
confirm http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=142&mode=thread&order=0&thold=0
debian DSA-642
gentoo GLSA-200411-10
misc http://g3cko.info/gallery2-4.patch
xf gallery-script-xss(17948)
Last major update 14-02-2024 - 01:17
Published 10-01-2005 - 05:00
Last modified 14-02-2024 - 01:17
Back to Top