Unrated severityNVD Advisory· Published Mar 9, 2006· Updated Apr 16, 2026
CVE-2006-1127
CVE-2006-1127
Description
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
Affected products
11cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_alpha1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_alpha2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_beta3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- secunia.com/advisories/19104nvdPatchVendor Advisory
- securitytracker.com/idnvdPatch
- www.securityfocus.com/bid/16940nvdPatch
- archives.neohapsis.com/archives/bugtraq/2006-02/0621.htmlnvd
- gallery.menalto.com/gallery_2.0.3_releasednvd
- www.gulftech.orgnvd
- www.osvdb.org/23596nvd
- www.vupen.com/english/advisories/2006/0813nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/25117nvd
News mentions
0No linked articles in our index yet.