Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
patchstackAlejandro RodriguezPATCHSTACK:610DE8A366DA1DEF098D6CB83339D904
HistoryApr 06, 2010 - 12:00 a.m.

WordPress NextGEN Gallery Plugin <= 1.5.1 - XSS Vulnerability

2010-04-0600:00:00
Alejandro Rodriguez
patchstack.com
4

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

This NextGEN Gallery plugin is prone to a cross-site scripting vulnerability. It is really popular plugin for the WordPress content management system, usually found as a blogging platform. The vulnerability manipulates the mode parameter of the xml/media-rss.php script and it results that unsanitized imput can be crafted into an attack by a malicious user.

Solution

           Update the plugin.

Also you can yse a browser by the server (for the example, Google Chrome, Mozilla Firefox, Opera, Apple Safari), but not Internet Explorer.

CPENameOperatorVersion
nextgen galleryle1.5.1

Related

prion 1
checkpoint_advisories 1
seebug 2
cve 1
wpvulndb 1
packetstorm 1
exploitpack 1
securityvulns 2
exploitdb 1
prion
prion
Cross site scripting
2010-04-07 15:30:00
checkpoint_advisories
checkpoint_advisories
WordPress NextGEN Gallery Plugin Cross-Site Scripting (CVE-2010-1186)
2020-11-21 00:00:00
seebug
seebug
Wordpress Plugin NextGEN Gallery <= 1.5.1 - XSS Vulnerability
2014-07-01 00:00:00
WordPress NextGEN Gallery插仢modeε‚ζ•°θ·¨η«™θ„šζœ¬ζΌζ΄ž
2010-04-09 00:00:00
cve
cve
CVE-2010-1186
2010-04-07 15:30:00
wpvulndb
wpvulndb
NextGEN Gallery <= 1.5.1 - Cross-Site Scripting (XSS)
2014-08-01 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2010.0323
2010-04-07 00:00:00
exploitpack
exploitpack
WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting
2010-04-06 00:00:00
securityvulns
securityvulns
CORE-2010-0323: XSS Vulnerability in NextGEN Gallery Wordpress Plugin
2010-04-07 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2010-04-07 00:00:00
exploitdb
exploitdb
WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting
2010-04-06 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON
Related for PATCHSTACK:610DE8A366DA1DEF098D6CB83339D904
prion1checkpoint_advisories1seebug2cve1wpvulndb1packetstorm1exploitpack1securityvulns2exploitdb1