CVE-2012-1113

Description

Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

Link	Tags
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078851.html	vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078873.html	vendor advisory
http://secunia.com/advisories/48767	third party advisory
http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078618.html	vendor advisory
http://www.securityfocus.com/bid/52996	vdb entry
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078925.html	vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078752.html	vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/74837	vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=812045
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078816.html	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2012-1113?: CVE-2012-1113 has been scored as a medium severity vulnerability.
How to fix CVE-2012-1113?: To fix CVE-2012-1113, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2012-1113 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2012-1113 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-79 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

References

Frequently Asked Questions