|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200601-13] Gallery: Cross-site scripting vulnerability Vulnerability Scan
Vulnerability Scan Summary Gallery: Cross-site scripting vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200601-13
(Gallery: Cross-site scripting vulnerability)
Peter Schumacher discovered that Gallery fails to sanitize the
fullname set by users, possibly leading to a cross-site scripting
vulnerability.
Impact
By setting a specially crafted fullname, a possible hacker can inject
and execute script code in the victim's browser window and potentially
compromise the user's gallery.
Workaround
There is no known workaround at this time.
References:
http://gallery.menalto.com/page/gallery_1_5_2_release
Solution:
All Gallery users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gallery-1.5.2"
Note: Users with the vhosts USE flag set should manually use
webapp-config to finalize the update.
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|