Gallery Search Engine Cross-Site Scripting Vulnerability

Vulnerability Details

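Vulnerability Summary

search.php in Gallery versions 1.1 through 1.3.4 has a cross-site scripting (XSS) vulnerability. Remote attackers can insert arbitrary web script via the searchstring parameter.

Vulnerability Advisory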

This issue has been addressed in Gallery 1.3.4p1.
Debian has released an advisory and fixes for this issue.
Gentoo Linux has released a security advisory (200309-06) to address this issue. Users who are affected by this issue are advised to do the following:
emerge sync
emerge gallery
emerge clean

Bharat Mediratta Gallery 1.1
Bharat Mediratta Gallery 1.2
Bharat Mediratta Gallery 1.2.1
Bharat Mediratta Gallery 1.2.1 p1
Bharat Mediratta Gallery 1.2.2
Bharat Mediratta Gallery 1.2.3
Bharat Mediratta Gallery 1.2.4
Bharat Mediratta Gallery 1.2.5
Bharat Mediratta Gallery 1.3
Bharat Mediratta Gallery 1.3.1
Bharat Mediratta Gallery 1.3.2
Bharat Mediratta Gallery 1.3.3
Bharat Mediratta Gallery 1.3.4

References

Source: DEBIAN
Name: DSA-355
Link: http://www.debian.org/security/2003/dsa-355

Source: BUGTRAQ
Name: 20040101 Re: Gallery v1.3.3 Cross Site Scripting Vulnerabillity
Link: http://www.securityfocus.com/archive/1/archive/1/348641/30/21790/threaded

Source: BUGTRAQ
Name: 20030727 Gallery XSS security advisory (with fix and patch instructions)
Link: http://www.securityfocus.com/archive/1/330676

Source: BUGTRAQ
Name: 20030902 GLSA: gallery (200309-06)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=106252092421469&w=2

Source: gallery.menalto.com
Link: http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0
