Gallery 3.0.4 [1] was released with the following release notes:

After several extensive internal and external security audits which discovered 22 distinct vulnerabilities, we are releasing Gallery 3.0.4 as a security release. All of the issues require that someone with malicious intent either have an account with edit permissions, or trick a user with edit permissions into clicking on a malicious link. In most cases, this can only lead to a possible XSS vulnerability, but in several instances it allows arbitrary PHP code execution.

Created gallery3 tracking bugs for this issue

Affects: fedora-all [bug 833189]
Affects: epel-6 [bug 833190]