ThreatPress

WordPress Vulnerabilities Database

WordPress NextCellent Gallery Plugin <= 1.19.17 - XSS

Product
NextCellent Gallery
Description
A cross-site scripting (XSS) vulnerability in admin/manage-images.php allows authenticated users to inject arbitrary web script or HTML via the "Alt & Title Text" field.
Solution
Update the plugin to version 1.19.18 or later.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name: CVE-2014-3123
Versions
Affected In: <= 1.19.17
Fixed In: 1.19.18
Disclosure date
2014-04-29
Credits
Larry W. Cashdollar