VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2267

Description

Ansel 2.1 and earlier are vulnerable to stored cross-site scripting via the album name field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Ansel 2.1 and earlier contain a cross-site scripting (XSS) vulnerability in the album name parameter. The application fails to properly sanitize user-supplied input when creating or editing an album, allowing an attacker to inject arbitrary HTML or JavaScript code. The vulnerability is triggered when an administrator or other user views the album listing page where the malicious album name is rendered [1].

Exploitation

An attacker must have write access to create or modify an album, typically requiring a user account with album management privileges. The attacker submits a crafted album name containing malicious script payloads. The payload is stored on the server and later executed in the browser of any user who navigates to the album list or album view page, without any additional user interaction beyond normal page load [1].

Impact

Successful exploitation leads to arbitrary HTML or script execution in the context of the victim's session. Depending on the privileges of the victim, the attacker may steal session cookies, perform actions on behalf of the user, or deface the album interface. The scope of compromise is limited to the Ansel application and the victim's interactions with it [1].

Mitigation

The available references do not identify a patched version from the vendor. Administrators are advised to restrict album creation privileges to trusted users and to implement input validation or WAF rules if possible. The software may be end-of-life; users should consider upgrading to a maintained alternative [1].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

6
