Heap
17-01-08, 17:43
Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module.
More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6687)
More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6687)