39 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in facebook.php in the GRAND FlAGallery plugin flash-album-gallery before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter...
CVE-2011-4624
Cross-site scripting XSS vulnerability in facebook.php in the GRAND FlAGallery plugin flash-album-gallery before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter...
CVE-2011-4624
The CVE-2011-4624 entry refers to a Cross-Site Scripting (XSS) flaw in the WordPress GRAND FlAGallery plugin (flash-album-gallery) specifically in facebook.php, exploitable before version 1.57 via the i parameter. Connected documents (e.g., NUCLEI template and OpenVAS entry) corroborate this XSS ...
GRAND FlAGallery Skins - compact_music_player/gallery.php playlist Parameter SQL Injection
The flagallery-skins WordPress plugin was affected by a compactmusicplayer/gallery.php playlist Parameter SQL Injection security vulnerability...
GRAND Flash Album Gallery 2.55 - "gid" SQL Injection
The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin was affected by a "gid" SQL Injection security vulnerability...
GRAND Flash Album Gallery <= 1.56 - XSS
The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin was affected by a XSS security vulnerability...
GRAND Flash Album Gallery 0.55 - lib/hitcounter.php pid Parameter SQL Injection
The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin was affected by a lib/hitcounter.php pid Parameter SQL Injection security vulnerability...
GRAND Flash Album Gallery - Multiple Vulnerabilities
The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...
GRAND Flash Album Gallery 0.55 - admin/news.php want2Read Parameter Traversal Arbitrary File Access
The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin was affected by an admin/news.php want2Read Parameter Traversal Arbitrary File Access security vulnerability...
WordPress GRAND FlAGallery Plugin - SQL Injection
This plugin is prone to an SQL injection vulnerability in compactmusicplayer/gallery.php playlist parameter. Solution Upgrade the plugin...
CVE-2013-3261
Cross-site scripting XSS vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action...
Cross site scripting
Cross-site scripting XSS vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action...
CVE-2013-3261
Cross-site scripting XSS vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action...
CVE-2013-3261
CVE-2013-3261 affects the WordPress GRAND FlAGallery plugin, specifically versions before 2.72. The vulnerability is a reflected XSS in wp-admin/admin.php where an attacker can inject arbitrary script/HTML through the s parameter in a flag-manage-gallery action. The issue is caused by insufficien...
Wordpress Flagallery-Skins SQL Injection
Exploit Title : Wordpress Flagallery-skins plugin SQL Injection Exploit Author : Ashiyane Digital Security Team Home : www.ashiyane.org Security Risk : Medium Dork : inurl:/wp-content/plugins/flagallery-skins/compactmusicplayer/gallery.php?playlist= Tested on: Linux...
WordPress GRAND FlAGallery Plugin <= 2.71 - XSS
Because of this vulnerability in wp-admin/admin.php, the attackers can inject arbitrary web script or HTML via the "s" parameter in a flag-manage-gallery action. Solution Update the plugin...
WordPress Grand FlAGallery Plugin 1.57 - Cross Site Scripting
WordPress Grand FlAGallery plugin's "flagshow.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker c...
WordPress Plugin GRAND FlAGallery 1.57 - flagshow.php Cross-Site Scripting
WordPress Plugin GRAND FlAGallery 1.57 - flagshow.php Cross-Site Scripting source: https://www.securityfocus.com/bid/51012/info GRAND FlAGallery plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverag...
WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/51012/info GRAND FlAGallery plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...