Two vulnerabilities have been reported in the SmoothGallery extension for TYPO3, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting attacks.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) An unspecified error can be exploited to disclose arbitrary files. Currently there is no further information available.
The vulnerabilities are reported in version 1.5.1 and prior.
Vulnerable Products
Vulnerable Software: SmoothGallery (rgsmoothgallery) Extension for TYPO3 1.x
