Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML.

The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.