When I try to create a new gallery using the latest Joomla 6 and the latest version of Gallery on a fresh install, I’m getting a 403 error. I can enter the gallery name, but as soon as I click “Save,” the error appears.
I reached out to my web host and their response is included below. Is this something that can be addressed within the Gallery component?
Thanks in advance for your help!
Host Reply:
Checking over the logs for this one, i can see that you were hitting one of our Mod Security rules on the server which was returning that 403 error.
In this case, it looks like there's some vulnerability that this rule was protecting against within Joomla.
In particular, it's mentioned as "XSS and SQLi vulnerability in the Joomla extension Huge IT gallery v1.1.5 (CVE-2016-1000113 and CVE-2016-1000114)"
We would recommend updating both Joomla and this Gallery plugin to instead resolve this issue, as adding in a whitelist here would open your site up to more vulnerabilities.
In this case, i can see that both of these mentioned CVE's are quite critical, with a 9.8 severity.
Replies are visible only to logged in members with an active subscription.
