CVE-2008-6211

Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: Feb 20, 2009
Updated: Apr 13, 2023
CVE: CVE-2008-6211
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
mcgallerypro / mcgallery	1.1	1.1.x

http://downloads.securityfocus.com/vulnerabilities/exploits/28587.html
http://www.juniper.net/security/auto/vulnerabilities/vuln28587.html
http://www.securityfocus.com/bid/28587
https://exchange.xforce.ibmcloud.com/vulnerabilities/41637

Vulnerability Database

289,871

CVE-2008-6211