3 matches found
CVE-2021-24903
The CVE-2021-24903 entry concerns the WordPress plugin GRAND FlaGallery (≤ 6.1.2). Affected component: gallery settings in the admin UI; root cause: insufficient sanitisation/escaping of certain settings, enabling Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html is dis...
CVE-2011-4624
The CVE-2011-4624 entry refers to a Cross-Site Scripting (XSS) flaw in the WordPress GRAND FlAGallery plugin (flash-album-gallery) specifically in facebook.php, exploitable before version 1.57 via the i parameter. Connected documents (e.g., NUCLEI template and OpenVAS entry) corroborate this XSS ...
CVE-2014-8491
The CVE-2014-8491 issue affects the Grand Flagallery WordPress plugin prior to version 4.25. Affected component: the plugin’s gallery-related scripts (flagallery-skins/banner_widget_default/gallery.php and flash-album-gallery/skins/banner_widget_default/gallery.php). Root cause: these endpoints c...