Gallery Search Engine Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

Gallery Search Engine Cross-Site Scripting Vulnerability

Gallery is prone to a cross-site scripting vulnerability. This issue is present in the search engine facility provided by the software. An attacker could exploit this issue by constructing a malicious link to the search engine that contains hostile HTML and script code. Attacker-supplied code could be rendered in the browser of a user who follows such a link.