|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200411-10] Gallery: Cross-site scripting vulnerability Vulnerability Scan
Vulnerability Scan Summary Gallery: Cross-site scripting vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200411-10
(Gallery: Cross-site scripting vulnerability)
Jim Paris has discovered a cross-site scripting vulnerability in Gallery.
Impact
By sending a carefully crafted URL, a possible hacker can inject and execute
script code in the victim's browser window, and potentially compromise the
users gallery.
Workaround
There is no known workaround at this time.
References:
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=142&mode=thread&order=0&thold=0
Solution:
All Gallery users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gallery-1.4.4_p4"
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|