Vulnerabilities > Menalto
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-01-17 | CVE-2007-6687 | Cross-Site Scripting vulnerability in Menalto Gallery Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module. | 4.3 |
| 2008-01-17 | CVE-2007-6686 | Unspecified vulnerability in Menalto Gallery The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller. | 10.0 |
| 2008-01-17 | CVE-2007-6685 | Permissions, Privileges, and Access Controls vulnerability in Menalto Gallery Publish XP Module Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. | 10.0 |