Gallery Multiple Input Validation Vulnerabilities

Gallery is prone to cross-site scripting and information disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

An attacker may leverage the information disclosure issue to obtain authentication credentials and all content within the context of the affected Web server application. Note that site administrators can deactivate this module to disarm the flaw.

No further details have been provided.

The vendor has released version 2.0.2 to address the issue.


Copyright 2010, SecurityFocus