Gallery 1.2/1.3.x - Search Engine Cross-Site Scripting

Author: Larry Nguyen
type: webapps
platform: php
port: 
date_added: 2003-07-27 
date_updated: 2012-11-28 
verified: 1 
codes: CVE-2003-0614;OSVDB-2322 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/8288/info

Gallery is prone to a cross-site scripting vulnerability. This issue is present in the search engine facility provided by the software. An attacker could exploit this issue by constructing a malicious link to the search engine that contains hostile HTML and script code. Attacker-supplied code could be rendered in the browser of a user who follows such a link.

http://www.example.com/<galleryfolder>/search.php?searchstring=<script>alert('XSS')</script>