CVE-2003-0614

Gallery 1.1-1.3.4 - Cross-Site Scripting via Search String Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0614. PoCs published by Larry Nguyen.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Gallery's search functionality. The PoC provides a malicious URL that injects arbitrary JavaScript code into the search parameter, which is rendered in the browser of a user who follows the link.

Description

Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Larry Nguyen · textwebappsphp
https://www.exploit-db.com/exploits/22961

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Gallery's search functionality. The PoC provides a malicious URL that injects arbitrary JavaScript code into the search parameter, which is rendered in the browser of a user who follows the link.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Gallery (version not specified)
No auth needed
Prerequisites: A vulnerable version of Gallery · User interaction to follow the malicious link
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/330676
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-355
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106252092421469&w=2
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/348641/30/21790/threaded

Scores

EPSS 0.0394
EPSS Percentile 89.1%

Details

Status published
Products (13)
gallery_project/gallery 1.1
gallery_project/gallery 1.2
gallery_project/gallery 1.2.1
gallery_project/gallery 1.2.1_p1
gallery_project/gallery 1.2.2
gallery_project/gallery 1.2.3
gallery_project/gallery 1.2.4
gallery_project/gallery 1.2.5
gallery_project/gallery 1.3
gallery_project/gallery 1.3.1
... and 3 more
Published Aug 27, 2003
Tracked Since Feb 18, 2026