5 matches found
WordPress NextGEN Gallery Plugin Cross-Site Scripting (CVE-2010-1186)
A script injection vulnerability exists in Alex rabe nextgen gallery 0.33. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Wordpress Plugin NextGEN Gallery <= 1.5.1 - XSS Vulnerability
No description provided by source. XSS Vulnerability in NextGEN Gallery Wordpress Plugin 1. Advisory Information Title: XSS Vulnerability in NextGEN Gallery Wordpress Plugin Advisory Id: CORE-2010-0323 Advisory URL: http://www.coresecurity.com/content/nextgen-gallery-xss-vulnerability Date...
WordPress NextGEN Gallery插件mode参数跨站脚本漏洞
BUGTRAQ ID: 39250 CVE ID: CVE-2010-1186 WordPress是一款免费的论坛Blog系统。 WordPress所使用的NextGEN Gallery图形库插件没有正确地转义提交给media-rss.php脚本的mode参数: /----- $mode = $GET"mode"; - -----/ 如果没有选择正确的mode,该参数就被返回给用户: /----- else header'content-type:text/plain;charset=utf-8'; echo sprintf"Invalid MediaRSS command...
CVE-2010-1186
Cross-site scripting XSS vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter...
CVE-2010-1186
The CVE-2010-1186 entry documents a Cross-Site Scripting (XSS) vulnerability in the NextGEN Gallery WordPress plugin. Affected component: xml/media-rss.php; vulnerable until version 1.5.2 where the mode parameter is reflected without proper escaping, enabling remote attackers to inject arbitrary ...