Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.Referenceshttp://secunia.com/advisories/28573http://www.securityfocus.com/bid/27382http://trew.icenetx.net/toolz/advisory-singapore-modern-template.txthttp://www.vupen.com/english/advisories/2008/0234
