VYPR

Gallery 3

by Gallery Project

Source repositories

CVEs (2)

  • CVE-2013-2087May 14, 2014
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movies.php or (2) key variable to modules/gallery/views/error_admin.html.php.

  • CVE-2013-2138Oct 10, 2013
    risk 0.00cvss epss 0.03

    The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.