Gallery Unspecified Remote Vulnerabilities

Medium Nessus Network Monitor Plugin ID 3304


The remote host is vulnerable to an HTML Injection attack.


The remote host is running the Gallery web-based photo album. This version of Gallery is vulnerable to an 'unspecified' flaw. While the exact details of the flaw are unknown, the vendor has released version 2.0.2 as a fix. In addition, this version of Gallery is reportedly vulnerable to an HTML injection flaw. An attacker exploiting this flaw would need to convince a user to browse to a malicious URI. Successful exploitation could lead to the loss of potentially confidential data.


Upgrade to version 2.0.2 or 1.5.2 or higher.


Plugin Details

Severity: Medium

ID: 3304

File Name: 3304.prm

Family: CGI

Published: 2005/11/29

Modified: 2016/01/21

Dependencies: 1442

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C


Base Score: 5.3

Temporal Score: 5.1


Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

CVE: CVE-2005-4023, CVE-2005-4021, CVE-2005-4022, CVE-2006-0330

BID: 15614, 16334