Launchpad.net

CVE 2010-1709

Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pass parameters.

See the CVE page on Mitre.org for more details.

References