Alex Rabe » Nextgen Gallery : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
Max CVSS
4.3
EPSS Score
1.77%
Published
2010-04-07
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.
Max CVSS
4.3
EPSS Score
0.13%
Published
2009-09-08
Updated
2018-10-11
2 vulnerabilities found