Cross site scripting

2019-11-2615:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.7%

JSON

The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template.

CPENameOperatorVersion
nextgen_gallerylt2.1.10

CPE	Name	Operator	Version
	nextgen_gallery	lt	2.1.10

References

cybersecurityworks.com/zerodays/cve-2015-9537-nextgen.html

github.com/cybersecurityworks/Disclosed/issues/1

wordpress.org/plugins/nextgen-gallery/

www.openwall.com/lists/oss-security/2015/10/27/4