CVE-2008-4130

Gallery < 2.2.5 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page."

References (9)

[Patch] http://gallery.menalto.com/gallery_2.2.6_released

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45227

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31231

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200811-02.xml

[Third Party Advisory] http://secunia.com/advisories/31858

[Third Party Advisory] http://secunia.com/advisories/32662

[Third Party Advisory] http://secunia.com/advisories/33144

Scores

EPSS 0.0065

EPSS Percentile 70.5%

Classification

CWE

CWE-79

Status published

Affected Products (7)

gallery/gallery < 2.2.5

gallery/gallery

n/a/n/a

Timeline

Published Sep 18, 2008

Tracked Since Feb 18, 2026