Unrated severityNVD Advisory· Published Jan 21, 2006· Updated Apr 16, 2026
CVE-2006-0330
CVE-2006-0330
Description
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
Affected products
16cpe:2.3:a:gallery_project:gallery:1.3.4:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:gallery_project:gallery:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.3_pl1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.3_pl2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.4_pl2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.4_pl3:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.4_pl4:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4.4_pl5:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4_pl1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.4_pl2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.5.1_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:1.5.2_rc2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- secunia.com/advisories/18557nvdPatchVendor Advisory
- secunia.com/advisories/18627nvdPatchVendor Advisory
- www.gentoo.org/security/en/glsa/glsa-200601-13.xmlnvdPatchVendor Advisory
- www.osvdb.org/22660nvdPatch
- www.securityfocus.com/bid/16334nvdPatch
- bugs.debian.org/cgi-bin/bugreport.cginvd
- gallery.menalto.com/page/gallery_1_5_2_releasenvd
- secunia.com/advisories/21502nvd
- www.us.debian.org/security/2006/dsa-1148nvd
- www.vupen.com/english/advisories/2006/0282nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24247nvd
News mentions
0No linked articles in our index yet.