Unrated severityNVD Advisory· Published Aug 30, 2005· Updated Apr 16, 2026
CVE-2005-2734
CVE-2005-2734
Description
Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
Affected products
14cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.3_pl1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.3_pl2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.4_pl2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.4_pl3:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.4_pl4:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.4_pl5:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4_pl1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4_pl2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.5.1_rc2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- sourceforge.net/project/shownotes.phpnvdPatch
- secunia.com/advisories/16594/nvdVendor Advisory
- bugs.debian.org/cgi-bin/bugreport.cginvd
- marc.infonvd
- secunia.com/advisories/21502nvd
- securitytracker.com/idnvd
- www.securityfocus.com/bid/14668nvd
- www.us.debian.org/security/2006/dsa-1148nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/22020nvd
News mentions
0No linked articles in our index yet.