Description
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Larry Nguyen · text · webapps · php
https://www.exploit-db.com/exploits/22961
References (5)
Core References
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq)
http://www.securityfocus.com/archive/1/330676
Patch, Vendor Advisory (vendor-advisory, x_refsource_debian)
http://www.debian.org/security/2003/dsa-355
Mailing List (mailing-list, x_refsource_bugtraq)
http://marc.info/?l=bugtraq&m=106252092421469&w=2
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq)
http://www.securityfocus.com/archive/1/348641/30/21790/threaded
Various Sources (x_refsource_confirm)
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0
Scores
EPSS: 0.0604
EPSS Percentile: 90.8%
Details
Status: published
Products (13)
gallery_project/gallery 1.1
gallery_project/gallery 1.2
gallery_project/gallery 1.2.1
gallery_project/gallery 1.2.1_p1
gallery_project/gallery 1.2.2
gallery_project/gallery 1.2.3
gallery_project/gallery 1.2.4
gallery_project/gallery 1.2.5
gallery_project/gallery 1.3
gallery_project/gallery 1.3.1
... and 3 more
Published: Aug 27, 2003
Tracked Since: Feb 18, 2026