Vulnerability Details : CVE-2013-3261
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2013-3261
- cpe:2.3:a:photogallerycreator:flash-album-gallery:*:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.56:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.55:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.54:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.53:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.85:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.84:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.83:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.82:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.67:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.66:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.65:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.64:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.50:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.49:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.48:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.47:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.61:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.46:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.45:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.44:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.43:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.32:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.29:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.51:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.18:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.81:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.79:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.72:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.70:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.63:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.61:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.54:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.52:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.44:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.42:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.31:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.60:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.58:pl1:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.52:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.49:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.42:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.40:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.39:pl2:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.36:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.34:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.77:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.76:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.75:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.74:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.59:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.58:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.57:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.56:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.55:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.41:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.57:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.56:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.55:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.54:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.39:pl1:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.39:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.38:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.37:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.70:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.52:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.50:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.80:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.78:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.73:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.71:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.62:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.60:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.53:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.51:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.45:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.43:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.23:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.59:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.58:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.53:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.50:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.41:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.39:pl3:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.35:*:*:*:*:*:*:*
- cpe:2.3:a:photogallerycreator:flash-album-gallery:0.33:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3261
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-3261
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-3261
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3261
-
http://secunia.com/advisories/53111
Sign inVendor Advisory
-
http://wordpress.org/plugins/flash-album-gallery/changelog/
Gallery – Flagallery Photo Portfolio – WordPress plugin | WordPress.org
Jump to