ID CVE-2006-1127
Summary Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
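The pattern behind this entry, shown as an added example written for this page and not taken from Gallery 2's source: a "remote host" string is derived from the attacker-controlled X-Forwarded-For request header, stored with the comment, and later rendered into the album page without output encoding. Function names, the header dictionaries and the markup template below are all hypothetical and constructed for illustration. The vulnerable variant returns the header value verbatim; the hardened variant only honours the header when the application is explicitly configured to sit behind a trusted proxy, accepts only a value that parses as an IP address, and HTML-escapes whatever ends up in the page regardless.

```python
"""Added example (not Gallery code): X-Forwarded-For as an XSS source.

Constructed CGI-style environments stand in for real requests; names are
hypothetical and chosen for this illustration only.
"""
import html
import ipaddress

# Constructed attacker request: the proxy header carries script, not an IP.
ATTACK_ENV = {
    "REMOTE_ADDR": "203.0.113.10",
    "HTTP_X_FORWARDED_FOR": "<script>alert(1)</script>",
}

# Constructed legitimate request through a proxy chain (client-most hop first).
PROXIED_ENV = {
    "REMOTE_ADDR": "203.0.113.10",
    "HTTP_X_FORWARDED_FOR": "198.51.100.7, 203.0.113.10",
}

COMMENT_TEMPLATE = "<div class='comment'><p>{body}</p><small>from {host}</small></div>"


def remote_host_vulnerable(env):
    """Vulnerable pattern: prefer the proxy header as-is, fall back to REMOTE_ADDR."""
    return env.get("HTTP_X_FORWARDED_FOR") or env.get("REMOTE_ADDR", "")


def render_comment_vulnerable(env, comment_text):
    """The comment body is escaped, but the stored host string is not."""
    return COMMENT_TEMPLATE.format(body=html.escape(comment_text),
                                   host=remote_host_vulnerable(env))


def remote_host_hardened(env, trust_proxy=False):
    """Honour X-Forwarded-For only behind a known proxy, and only if it is an IP.

    Without a trusted proxy in front, the header is simply attacker input and is
    ignored. With one, the client-most entry is taken and must parse as an
    IPv4/IPv6 address; anything else falls back to the socket peer address.
    """
    if trust_proxy:
        candidate = env.get("HTTP_X_FORWARDED_FOR", "").split(",")[0].strip()
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            pass  # not an address: discard the header entirely
    return env.get("REMOTE_ADDR", "")


def render_comment_hardened(env, comment_text, trust_proxy=False):
    """Validate on input and still encode on output (defence in depth)."""
    host = remote_host_hardened(env, trust_proxy)
    return COMMENT_TEMPLATE.format(body=html.escape(comment_text),
                                   host=html.escape(host))


if __name__ == "__main__":
    print("vulnerable:", render_comment_vulnerable(ATTACK_ENV, "nice photo"))
    print("hardened:  ", render_comment_hardened(ATTACK_ENV, "nice photo", trust_proxy=True))
```

The two checks matter independently: validating the header as an IP address stops the stored string from ever containing markup, while escaping at render time protects the page even if some other code path stores an unvalidated value. Note that IP validation here is a fix for the XSS only; X-Forwarded-For remains trivially spoofable and must not be used for access control unless the proxy strips and rewrites it.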
References
Vulnerable Configurations
  • cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:2.0_alpha:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:2.0_alpha1:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:2.0_alpha2:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:gallery_project:gallery:2.0_beta3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 20-07-2017 - 01:30)
Impact: 2.9
Exploitability: 8.6
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 16940
bugtraq 20060303 Gallery 2 Multiple Vulnerabilities
confirm http://gallery.menalto.com/gallery_2.0.3_released
misc http://www.gulftech.org/?node=research&article_id=00106-03022006
osvdb 23596
sectrack 1015717
secunia 19104
vupen ADV-2006-0813
xf gallery-getremotehostaddress-xss(25117)
Last major update 20-07-2017 - 01:30
Published 09-03-2006 - 22:02
Last modified 20-07-2017 - 01:30