Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
| Software | From | Fixed in |
|---|---|---|
| gallery_project / gallery | 1.4 | 1.4.x |
| gallery_project / gallery | 1.4_pl1 | 1.4_pl1.x |
| gallery_project / gallery | 1.4_pl2 | 1.4_pl2.x |
| gallery_project / gallery | 1.4.1 | 1.4.1.x |
| gallery_project / gallery | 1.4.2 | 1.4.2.x |
| gallery_project / gallery | 1.4.3_pl1 | 1.4.3_pl1.x |
| gallery_project / gallery | 1.4.3_pl2 | 1.4.3_pl2.x |
| gallery_project / gallery | 1.4.4_pl2 | 1.4.4_pl2.x |
| gallery_project / gallery | 1.4.4_pl3 | 1.4.4_pl3.x |
| gallery_project / gallery | 1.4.4_pl4 | 1.4.4_pl4.x |
| gallery_project / gallery | 1.4.4_pl5 | 1.4.4_pl5.x |
| gallery_project / gallery | 1.5 | 1.5.x |
| gallery_project / gallery | 1.5.1 | 1.5.1.x |
| gallery_project / gallery | 1.5.1_rc2 | 1.5.1_rc2.x |