N/A

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php.

N/A

N/A

Gallery 1.3.4-pl1 多个跨站脚本攻击漏洞

Gallery 1.3.4-pl1中存在多个跨站脚本攻击(XSS)漏洞，允许远程攻击者通过(1)add_comment.php中的index字段，slideshow_low.php中的(2)set_albumName，(3)slide_index，(4)slide_full，(5)slide_loop，(6)slide_pause，(7)slide_dir字段或者(8)search.php中的username字段来注入任意Web脚本或HTML。

N/A

N/A