Intrusion PreventionGoollery.XSS.Viewpic
Description
It indicates a possible attempt of a cross-site scripting attack through a vulnerability in Goollery.
Goollery is a Gmail based photo gallery. It has been reported that 2 of Goollery scripts, viewpic.php and viewalbum.php, fail to properly sanitize user supplied input. These flaws allow malicious remote users to conduct cross-site scripting attacks against other users.
Affected Products
Any unprotected Goollery of version below 0.04b is vulnerable.
Impact
A remote attacker can execute arbitrary code in victim browser.
Recommended Actions
If a FortiGate with FortiOS 2.80 or above is used, select "Reset Server" as the default action for the attack.
Apply appropriate patches or upgrade the system to the latest non-vulnerable version.
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2019-04-09 | 14.589 |
Modified
|
Default_action:pass:drop |
| ID | 12827 |
| Created | Sep 11, 2006 |
| Updated | Jun 09, 2022 |
| Risk |
|
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | Other |
| Profile Type | XSS |