2 matches found
CVE-2014-4529
CVE-2014-4529 describes a cross-site scripting (XSS) vulnerability in the Flash Photo Gallery WordPress plugin (versions 0.7 and earlier). The issue lies in fpg_preview.php where the path parameter can be manipulated to inject arbitrary web script/HTML. Impact is remote code injection in the cont...
CVE-2014-4529
Cross-site scripting XSS vulnerability in fpgpreview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter...