cbcvebase.

Gallery Project Gallery vulnerabilities

28 known vulnerabilities affecting gallery_project/gallery.

Total CVEs
28
CISA KEV
0
Public exploits
8
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH6MEDIUM20

Vulnerabilities

Page 2 of 2
CVE-2005-0220P4MEDIUMCVSS 5.0v1.4.4_pl22005-05-02
CVE-2005-0220 [MEDIUM] CVE-2005-0220: Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inje Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.
nvd
CVE-2005-2734P4MEDIUMCVSS 4.3v1.4v1.4.1+12 more2005-08-30
CVE-2005-2734 [MEDIUM] CVE-2005-2734: Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
nvd
CVE-2006-0330P4MEDIUMCVSS 4.3v1.3.4v1.4+14 more2006-01-21
CVE-2006-0330 [MEDIUM] CVE-2006-0330: Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject a Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
nvd
CVE-2005-0219P4MEDIUMCVSS 4.3v1.3.4_pl12005-05-02
CVE-2005-0219 [MEDIUM] CVE-2005-0219: Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to i Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php.
nvd
CVE-2005-0221P4MEDIUMCVSS 4.3v2.0_alpha2005-01-17
CVE-2005-0221 [MEDIUM] CVE-2005-0221: Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers t Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field.
nvd
CVE-2006-1696P4MEDIUMCVSS 4.3v1.3.4v1.4+18 more2006-04-11
CVE-2006-1696 [MEDIUM] CVE-2006-1696: Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject a Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
nvd
CVE-2005-2596P4MEDIUMCVSS 4.6v1.3.42005-08-17
CVE-2005-2596 [MEDIUM] CVE-2005-2596: User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to a User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.
nvd
CVE-2005-0222P4MEDIUMCVSS 5.0v2.0_alpha2005-05-02
CVE-2005-0222 [MEDIUM] CVE-2005-0222: main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message.
nvd
Gallery Project Gallery vulnerabilities | cvebase