CVE-2010-1186

🗓️ 07 Apr 2010 15:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 56 Views🌐 WEB

Cross-site scripting vulnerability in NextGEN Gallery plugin for WordPress (CVE-2010-1186

Reporter	Title	Published	Views	Family All 16
Circl	CVE-2010-1186	6 Apr 201000:00	–	circl
Core Security	XSS Vulnerability in NextGEN Gallery Wordpress Plugin	6 Apr 201000:00	–	coresecurity
Check Point Advisories	WordPress NextGEN Gallery Plugin Cross-Site Scripting (CVE-2010-1186)	21 Nov 202000:00	–	checkpoint_advisories
Cvelist	CVE-2010-1186	7 Apr 201015:00	–	cvelist
Exploit DB	WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting	6 Apr 201000:00	–	exploitdb
EUVD	EUVD-2010-1216	7 Oct 202500:30	–	euvd
exploitpack	WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting	6 Apr 201000:00	–	exploitpack
NVD	CVE-2010-1186	7 Apr 201015:30	–	nvd
Packet Storm	Core Security Technologies Advisory 2010.0323	7 Apr 201000:00	–	packetstorm
Patchstack	WordPress NextGEN Gallery Plugin <= 1.5.1 - XSS Vulnerability	6 Apr 201000:00	–	patchstack

NVD

Node

alex_rabe nextgen_galleryRange≤1.5.1

alex_rabe nextgen_galleryMatch0.33

alex_rabe nextgen_galleryMatch0.34

alex_rabe nextgen_galleryMatch0.35

alex_rabe nextgen_galleryMatch0.36

alex_rabe nextgen_galleryMatch0.37

alex_rabe nextgen_galleryMatch0.39

alex_rabe nextgen_galleryMatch0.40

alex_rabe nextgen_galleryMatch0.41

alex_rabe nextgen_galleryMatch0.42

alex_rabe nextgen_galleryMatch0.43

alex_rabe nextgen_galleryMatch0.50

alex_rabe nextgen_galleryMatch0.51

alex_rabe nextgen_galleryMatch0.52

alex_rabe nextgen_galleryMatch0.60

alex_rabe nextgen_galleryMatch0.61

alex_rabe nextgen_galleryMatch0.62

alex_rabe nextgen_galleryMatch0.63

alex_rabe nextgen_galleryMatch0.64

alex_rabe nextgen_galleryMatch0.70

alex_rabe nextgen_galleryMatch0.71

alex_rabe nextgen_galleryMatch0.72

alex_rabe nextgen_galleryMatch0.73

alex_rabe nextgen_galleryMatch0.74

alex_rabe nextgen_galleryMatch0.80

alex_rabe nextgen_galleryMatch0.81

alex_rabe nextgen_galleryMatch0.82

alex_rabe nextgen_galleryMatch0.83

alex_rabe nextgen_galleryMatch0.90

alex_rabe nextgen_galleryMatch0.91

alex_rabe nextgen_galleryMatch0.92

alex_rabe nextgen_galleryMatch0.93

alex_rabe nextgen_galleryMatch0.94

alex_rabe nextgen_galleryMatch0.95

alex_rabe nextgen_galleryMatch0.96

alex_rabe nextgen_galleryMatch0.97

alex_rabe nextgen_galleryMatch0.98

alex_rabe nextgen_galleryMatch0.99

alex_rabe nextgen_galleryMatch1.0.0

alex_rabe nextgen_galleryMatch1.0.1

alex_rabe nextgen_galleryMatch1.0.2

alex_rabe nextgen_galleryMatch1.1.0

alex_rabe nextgen_galleryMatch1.2.0

alex_rabe nextgen_galleryMatch1.2.1

alex_rabe nextgen_galleryMatch1.3.0

alex_rabe nextgen_galleryMatch1.3.1

alex_rabe nextgen_galleryMatch1.3.2

alex_rabe nextgen_galleryMatch1.3.3

alex_rabe nextgen_galleryMatch1.3.4

alex_rabe nextgen_galleryMatch1.3.5

alex_rabe nextgen_galleryMatch1.3.6

alex_rabe nextgen_galleryMatch1.4.0

alex_rabe nextgen_galleryMatch1.4.1

alex_rabe nextgen_galleryMatch1.4.2

alex_rabe nextgen_galleryMatch1.4.3

alex_rabe nextgen_galleryMatch1.5.0

AND

wordpress wordpress

Source	Link
vupen	www.vupen.com/english/advisories/2010/0821
coresecurity	www.coresecurity.com/content/nextgen-gallery-xss-vulnerability
secunia	www.secunia.com/advisories/39341
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/57562
securityfocus	www.securityfocus.com/bid/39250
wordpress	www.wordpress.org/extend/plugins/nextgen-gallery/changelog/
exploit-db	www.exploit-db.com/exploits/12098

Parameter	Position	Path	Description	CWE
mode	query param	wordpress/wp-content/plugins/nextgen-gallery/xml/media-rss.php	Reflected XSS via unsanitized mode parameter in media-rss.php	CWE-79

29 Apr 2026 01:13Current

5.7Medium risk

Vulners AI Score5.7

CVSS 24.3

EPSS0.01099

CWE-79