Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Invision Gallery图像上传HTML注入漏洞
Vulnerability Description
Invision Gallery一个强大完整功能相册系统,简单易用。 Invision Gallery 2.0.3的图像上传处理代码中的多个解释错误,可让远程攻击者通过类型与扩展名不匹配的图像中的HTML或脚本来执行跨站脚本(XSS)攻击。注:有争议指出这是因为Internet Explorer的设计缺陷而造成的漏洞,在浏览器内作修复才是适当的解决方法;如果是这样,那么此问题不应视为Invision Gallery中的漏洞。
CVSS Information
N/A
Vulnerability Type
N/A