Goollery Multiple XSS Network Vulnerability

Summary

Goollery, a GMail based photo gallery written in PHP, is installed on this remote host. According to it's version number, this host is vulnerable to multiple cross-site-scripting (XSS) attacks eg, through the 'viewpic.php' script. An attacker, exploiting these flaws, would need to be able to coerce a user to browse a malicious URI. Upon successful exploitation, the attacker would be able to run code within the web-browser in the security context of the remote server.

Solution

Upgrade to Goollery 0.04b or newer.

Severity

Classification

CVE CVE-2004-2245

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Web Server ETag Header Information Disclosure Weakness
Apache Open For Business HTML injection vulnerability
Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
Apache Struts2 'XWork' Information Disclosure Vulnerability
Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities