Goollery.XSS.Viewpic

Description

This indicates a possible cross-site scripting attack attempt that exploits a vulnerability in Goollery.


Goollery is a Gmail-based photo gallery. It has been reported that two Goollery scripts, viewpic.php and viewalbum.php, fail to properly sanitize user-supplied input. These flaws allow malicious remote users to conduct cross-site scripting attacks against other users.
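A check for this class of request can be sketched as below. This is an added example, not Fortinet's signature or Goollery code; the parameter names `id` and `album`, the `/goollery/` path, the matching heuristic and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# The two scripts the advisory names as affected.
AFFECTED_SCRIPTS = ("viewpic.php", "viewalbum.php")

# Heuristic (assumed): markup, javascript: URLs or inline event handlers
# have no legitimate place in a gallery query parameter.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.I)


def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding so %253Cimg is inspected as <img."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_request(request_target):
    """Return (parameter, decoded value) pairs that look like script injection."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in AFFECTED_SCRIPTS:
        return []
    hits = []
    # parse_qsl performs the first round of percent-decoding itself.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = decode_fully(value)
        if SUSPICIOUS.search(decoded):
            hits.append((name, decoded))
    return hits


# Constructed sample request targets (parameter names are hypothetical).
SAMPLE_REQUESTS = [
    "/goollery/viewpic.php?id=42",
    "/goollery/viewpic.php?id=%3Cscript%3Ealert(1)%3C/script%3E",
    "/goollery/viewalbum.php?album=%253Cimg%2520src%253Dx%2520onerror%253D1%253E",
    "/index.php?q=%3Cb%3E",
]

if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        print(target, "->", flag_request(target) or "clean")
```

The double-encoded third sample is flagged only because the value is decoded repeatedly before matching; a single decoding pass would let it through.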

Affected Products

Any unprotected Goollery installation running a version below 0.04b is vulnerable.

Impact

A remote attacker can execute arbitrary code in the victim's browser.

Recommended Actions

If a FortiGate with FortiOS 2.80 or above is used, select "Reset Server" as the default action for the attack.


Apply appropriate patches or upgrade the system to the latest non-vulnerable version.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-04-09 14.589 Default_action:pass:drop