Vulnerabilities > CVE-2005-2734 - Unspecified vulnerability in Gallery Project Gallery

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

gallery-project

nessus

NVD

Published: 2005-08-30

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.

Vulnerable Configurations

Part	Description	Count
Application	Gallery_Project Gallery Project Gallery 1.4 Gallery Project Gallery 1.4.1 Gallery Project Gallery 1.4.2 Gallery Project Gallery 1.4.3_Pl1 Gallery Project Gallery 1.4.3_Pl2 Gallery Project Gallery 1.4.4_Pl2 Gallery Project Gallery 1.4.4_Pl3 Gallery Project Gallery 1.4.4_Pl4 Gallery Project Gallery 1.4.4_Pl5 Gallery Project Gallery 1.4_Pl1 Gallery Project Gallery 1.4_Pl2 Gallery Project Gallery 1.5 Gallery Project Gallery 1.5.1 Gallery Project Gallery 1.5.1_Rc2	14

Nessus

NASL family	CGI abuses : XSS
NASL id	GALLERY_EXIF_XSS.NASL
description	According to its banner, the version of Gallery hosted on the remote web server is prone to script insertion attacks because it does not sanitize malicious EXIF data stored in image files. Using a specially crafted image file, an attacker can exploit this flaw to cause arbitrary HTML and script code to be executed in a user
last seen	2020-06-01
modified	2020-06-02
plugin id	19512
published	2005-08-27
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19512
title	Gallery EXIF Data XSS

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1148.NASL
description	Several remote vulnerabilities have been discovered in gallery, a web-based photo album. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-2734 A cross-site scripting vulnerability allows injection of web script code through HTML or EXIF information. - CVE-2006-0330 A cross-site scripting vulnerability in the user registration allows injection of web script code. - CVE-2006-4030 Missing input sanitising in the stats modules allows information disclosure.
last seen	2020-06-01
modified	2020-06-02
plugin id	22690
published	2006-10-14
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22690
title	Debian DSA-1148-1 : gallery - several vulnerabilities

Summary

Vulnerable Configurations

Nessus

References