Summary
Goollery, a GMail based photo gallery written in PHP, is installed on this remote host.
According to it's version number, this host is vulnerable to multiple cross-site-scripting (XSS) attacks
eg, through the 'viewpic.php'
script. An attacker, exploiting these flaws, would need to be able to coerce a user to browse a malicious URI. Upon successful exploitation, the attacker would be able to run code within the web-browser in the security context of the remote server.
Solution
Upgrade to Goollery 0.04b or newer.
Severity
Classification
-
CVE CVE-2004-2245 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- Apache Struts2/XWork Remote Command Execution Vulnerability
- 123 Flash Chat Multiple Security Vulnerabilities