Gallery Script Injection Vulnerability

Gallery Script Injection Vulnerability

Gallery is prone to a script-injection vulnerability because it fails to properly sanitize user-supplied input.

A malicious user may cause arbitrary script code to execute in the browser context of an unsuspecting victim. This may let the attacker steal cookie-based authentication credentials in the context of the victim's browser; further attacks are also possible.