|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200501-45] Gallery: Cross-site scripting vulnerability Vulnerability Scan
Vulnerability Scan Summary Gallery: Cross-site scripting vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-45
(Gallery: Cross-site scripting vulnerability)
Rafel Ivgi has discovered a cross-site scripting vulnerability where
the 'username' parameter is not properly sanitized in 'login.php'.
Impact
By sending a carefully crafted URL, a possible hacker can inject and execute
script code in the victim's browser window, and potentially compromise
the user's gallery.
Workaround
There is no known workaround at this time.
References:
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=149
http://secunia.com/advisories/13887/
Solution:
All Gallery users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gallery-1.4.4_p6"
Note: Users with the vhosts USE flag set should manually use
webapp-config to finalize the update.
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|