Vulnerability Description
Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gallery Project | Gallery | 2.0 |
References
- http://secunia.com/advisories/17747PatchVendor Advisory
- http://www.osvdb.org/21221PatchVendor Advisory
- http://www.securityfocus.com/archive/1/418200/100/0/threaded
- http://www.securityfocus.com/bid/15614
- http://www.vupen.com/english/advisories/2005/2681
- http://secunia.com/advisories/17747PatchVendor Advisory
- http://www.osvdb.org/21221PatchVendor Advisory
- http://www.securityfocus.com/archive/1/418200/100/0/threaded
- http://www.securityfocus.com/bid/15614
- http://www.vupen.com/english/advisories/2005/2681
FAQ
What is CVE-2005-4022?
CVE-2005-4022 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
How severe is CVE-2005-4022?
CVE-2005-4022 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4022?
Check the references section above for vendor advisories and patch information. Affected products include: Gallery Project Gallery.