Vulnerabilities > CVE-2006-0330 - HTML Injection vulnerability in Gallery User Name
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
Vulnerable Configurations
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200601-13.NASL description The remote host is affected by the vulnerability described in GLSA-200601-13 (Gallery: XSS vulnerability) Peter Schumacher discovered that Gallery fails to sanitize the fullname set by users, possibly leading to a cross-site scripting vulnerability. Impact : By setting a specially crafted fullname, an attacker can inject and execute script code in the victim last seen 2020-06-01 modified 2020-06-02 plugin id 20815 published 2006-01-29 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20815 title GLSA-200601-13 : Gallery: XSS vulnerability code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200601-13. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(20815); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2006-0330"); script_xref(name:"GLSA", value:"200601-13"); script_name(english:"GLSA-200601-13 : Gallery: XSS vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200601-13 (Gallery: XSS vulnerability) Peter Schumacher discovered that Gallery fails to sanitize the fullname set by users, possibly leading to a cross-site scripting vulnerability. Impact : By setting a specially crafted fullname, an attacker can inject and execute script code in the victim's browser window and potentially compromise the user's gallery. Workaround : There is no known workaround at this time." ); # http://gallery.menalto.com/page/gallery_1_5_2_release script_set_attribute( attribute:"see_also", value:"http://galleryproject.org/page/gallery_1_5_2_release" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200601-13" ); script_set_attribute( attribute:"solution", value: "All Gallery users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/gallery-1.5.2' Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gallery"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-apps/gallery", unaffected:make_list("ge 1.5.2"), vulnerable:make_list("lt 1.5.2"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Gallery"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1148.NASL description Several remote vulnerabilities have been discovered in gallery, a web-based photo album. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-2734 A cross-site scripting vulnerability allows injection of web script code through HTML or EXIF information. - CVE-2006-0330 A cross-site scripting vulnerability in the user registration allows injection of web script code. - CVE-2006-4030 Missing input sanitising in the stats modules allows information disclosure. last seen 2020-06-01 modified 2020-06-02 plugin id 22690 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22690 title Debian DSA-1148-1 : gallery - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1148. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22690); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2005-2734", "CVE-2006-0330", "CVE-2006-4030"); script_xref(name:"DSA", value:"1148"); script_name(english:"Debian DSA-1148-1 : gallery - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in gallery, a web-based photo album. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-2734 A cross-site scripting vulnerability allows injection of web script code through HTML or EXIF information. - CVE-2006-0330 A cross-site scripting vulnerability in the user registration allows injection of web script code. - CVE-2006-4030 Missing input sanitising in the stats modules allows information disclosure." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2734" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-0330" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-4030" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1148" ); script_set_attribute( attribute:"solution", value: "Upgrade the gallery package. For the stable distribution (sarge) these problems have been fixed in version 1.5-1sarge2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gallery"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"gallery", reference:"1.5-1sarge2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285
- http://gallery.menalto.com/page/gallery_1_5_2_release
- http://secunia.com/advisories/18557
- http://secunia.com/advisories/18627
- http://secunia.com/advisories/21502
- http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml
- http://www.osvdb.org/22660
- http://www.securityfocus.com/bid/16334
- http://www.us.debian.org/security/2006/dsa-1148
- http://www.vupen.com/english/advisories/2006/0282
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24247