CVE-2006-1127

Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.

Published: Mar 9, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1127
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
gallery_project / gallery	2.0.1	2.0.1.x
gallery_project / gallery	2.0_alpha4	2.0_alpha4.x
gallery_project / gallery	2.0_beta2	2.0_beta2.x
gallery_project / gallery	2.0.2	2.0.2.x
gallery_project / gallery	2.0_alpha	2.0_alpha.x
gallery_project / gallery	2.0_beta1	2.0_beta1.x
gallery_project / gallery	2.0_alpha2	2.0_alpha2.x
gallery_project / gallery	2.0_alpha1	2.0_alpha1.x
gallery_project / gallery	2.0_beta3	2.0_beta3.x
gallery_project / gallery	2.0	2.0.x
gallery_project / gallery	2.0_alpha3	2.0_alpha3.x

http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html
http://gallery.menalto.com/gallery_2.0.3_released
http://secunia.com/advisories/19104
http://securitytracker.com/id?1015717
http://www.gulftech.org/?node=research&article_id=00106-03022006
http://www.osvdb.org/23596
http://www.securityfocus.com/bid/16940
http://www.vupen.com/english/advisories/2006/0813
https://exchange.xforce.ibmcloud.com/vulnerabilities/25117

Vulnerability Database

289,697

CVE-2006-1127