CVE-2014-3123

Sažetak

Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field.

Reference

http://secunia.com/advisories/58031
http://www.securityfocus.com/bid/67085
http://www.vapid.dhs.org/advisories/wordpress/plugins/nextCellent-gallery-1.9.13
https://wordpress.org/plugins/nextcellent-gallery-nextgen-legacy/changelog

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

09-05-2014 - 17:29

Objavljeno

08-05-2014 - 14:29