Goollery.XSS.Viewpic
Description
It indicates a possible attempt of a cross-site scripting attack through a vulnerability in Goollery.
Goollery is a Gmail based photo gallery. It has been reported that 2 of Goollery scripts, viewpic.php and viewalbum.php, fail to properly sanitize user supplied input. These flaws allow malicious remote users to conduct cross-site scripting attacks against other users.
Affected Products
Any unprotected Goollery of version below 0.04b is vulnerable.
Impact
A remote attacker can execute arbitrary code in victim browser.
Recommended Actions
If a FortiGate with FortiOS 2.80 or above is used, select "Reset Server" as the default action for the attack.
Apply appropriate patches or upgrade the system to the latest non-vulnerable version.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-04-09 | 14.589 | Default_action:pass:drop |