CVE-2015-9229

2017-09-1222:00:00

mitre

www.cve.org

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

39.4%

JSON

In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.

References

cybersecurityworks.com/zerodays/cve-2015-9229-nextgen-gallery.html

github.com/cybersecurityworks/Disclosed/issues/5